ࡱ> FYT\rwSͿJFIFHHPhotoshop 3.08BIMHH8BIM x8BIM8BIM 8BIM' 8BIMH/fflff/ff2Z5-8BIMp8BIM@@8BIM8BIM =paPP!JFIFHH&File written by Adobe Photoshop 5.0Adobed            ap"?   3!1AQa"q2B#$Rb34rC%Scs5&DTdE£t6UeuF'Vfv7GWgw5!1AQaq"2B#R3$brCScs4%&5DTdEU6teuFVfv'7GWgw ?I%)$IJE&U= %tSz^.P* ='ָ8]Zִ@%<7sC_2oԎʬ?  I%>_LeRQp@mh׫!8x8?&덻v)t֜6u[[CYdX8IJI$SI%)$p3s,mxԾ< RSJgHu@}&zI$$I)TFmFaU̮M31.cA$J?qp`GdI%?I%'f=t~2hmz/IwrĒSDIf]ǝ ,'ZI)I$JRI$&te.mO92ݰ,=ʧUx5 )psIԤMmn9. $SI%)$IO]/3ivh_I9]bq\Wa+$I)I$g5Xk$wUnnKQp~{ $RI$I%)$hƺEm$L$Ap7K<}W/ZH.;1xs o;5IIxs@h-?HΣ>̈́KNˇfƺ׽ ۪[z5lpS;7`lO m62&5U۷@i\Vg\,&=SE$IJI$Sٽf>*gHLi+rCC{at+V)kvGJx02X 5k.kOArˤђeN%< o\hs Cs^q."Zc+WKln9))zB5WY {$O_sFVo VftS))󺨺mcIbdRbo};=mJGr՛CavIO?rwOɦ=~ ?U[+MohݰwPcsX\[dǎ~J|ى1+SP[O4U.:]Ua쟏S`)igS߫o]7֯O$'<DU$֓w/&I%>uO/ $~3o,/.J}fπ^hJ{_+^Ĥ8BIM XICC_PROFILE HLinomntrRGB XYZ  1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmddvuedLview$lumimeas $tech0 rTRC< gTRC< bTRC< textCopyright (c) 1998 Hewlett-Packard CompanydescsRGB IEC61966-2.1sRGB IEC61966-2.1XYZ QXYZ XYZ o8XYZ bXYZ $descIEC http://www.iec.chIEC http://www.iec.chdesc.IEC 61966-2.1 Default RGB colour space - sRGB.IEC 61966-2.1 Default RGB colour space - sRGBdesc,Reference Viewing Condition in IEC61966-2.1,Reference Viewing Condition in IEC61966-2.1view_. \XYZ L VPWmeassig CRT curv #(-27;@EJOTY^chmrw| %+28>ELRY`gnu| &/8AKT]gqz !-8COZfr~ -;HUcq~ +:IXgw'7HYj{+=Oat 2FZn  % : O d y  ' = T j " 9 Q i  * C \ u & @ Z t .Id %A^z &Ca~1Om&Ed#Cc'Ij4Vx&IlAe@e Ek*Qw;c*R{Gp@j>i  A l !!H!u!!!"'"U"""# #8#f###$$M$|$$% %8%h%%%&'&W&&&''I'z''( (?(q(())8)k))**5*h**++6+i++,,9,n,,- -A-v--..L.../$/Z///050l0011J1112*2c223 3F3334+4e4455M555676r667$7`7788P8899B999:6:t::;-;k;;<' >`>>?!?a??@#@d@@A)AjAAB0BrBBC:C}CDDGDDEEUEEF"FgFFG5G{GHHKHHIIcIIJ7J}JK KSKKL*LrLMMJMMN%NnNOOIOOP'PqPQQPQQR1R|RSS_SSTBTTU(UuUVV\VVWDWWX/X}XYYiYZZVZZ[E[[\5\\]']x]^^l^__a_``W``aOaabIbbcCccd@dde=eef=ffg=ggh?hhiCiijHjjkOkklWlmm`mnnknooxop+ppq:qqrKrss]sttptu(uuv>vvwVwxxnxy*yyzFz{{c{|!||}A}~~b~#G k͂0WGrׇ;iΉ3dʋ0cʍ1fΏ6n֑?zM _ɖ4 uL$h՛BdҞ@iءG&vVǥ8nRĩ7u\ЭD-u`ֲK³8%yhYѹJº;.! zpg_XQKFAǿ=ȼ:ɹ8ʷ6˶5̵5͵6ζ7ϸ9к<Ѿ?DINU\dlvۀ܊ݖޢ)߯6DScs 2F[p(@Xr4Pm8Ww)Km&File written by Adobe Photoshop 5.0!Adobed            "0@ 1pP!3!1AQ0@aq"2 #PBp @ODBݺQҪ<0~n-<컂V#8^tF[* Txݞ7 }"Vz*{hTwZS4r:. >q# H=Tm t<{168IyvMrz.LB(-?*{\9)O>d1>9lKyקZ[< . ɨ4\t<8Ӛ6Kz+%>yF᧷|ŘDEH}p82A+2mɐrkxu lXܜu%iGZrQ~Q֜u]lt\t_ut3nF뒏``eeO^(%J4|GZûE;~LY@LR"BC=c8ؿUp X4"#XP|ADx*_E\ډ'o(m[A+@ xv+t<6/\ /GwT" KOUwF "7oT :v7t̅EFOW0b\{{P-߻Gw+N:C޴MeYKwzhB7y}:SUvVƭkf՞n*+;;̕B{4]. 2܂{ VzN19jzLO˿' 4,#9Dzbᶛ9iuDz4caU JbLd@,úU2r]\&'Yk-O LO2&L<#Vy+1eG%= GJ,G+A<:fburL kqs'RS;}u~=2KB)`lŒYCӯcְJ^[qUjPl቉M4o#̨aFƑǪCGBSN7m=lˠ,4~N_2ap" |56 1,!D0.> يnlr23q}r$5Q4سr=?n13Gs)PNG  IHDRsRGB pHYs.>1PIDATx^ ܶE7;83hF")^IMt Q}O߿j߷o>W{nɇ #ONrSwIn_#[x @T?>o#oo66V0 K|eKƀXHԅfa @@qqa7t˾  %kgHlZg w֗i^*ޒejdY"uگ?=u'$Wdhٛ?Tp- D$"XLxi.BKArslGZ۹$It-qdh?qmSGH~mP!P牖 /$Pp߱Q)po" K Zԉea@\%!;b=MYfwA`mv L\W2Bt?<qC"9JBiS`f5*ּ D%()UqHYa+yYQQEsDž^/iwbH`kXZ0jLynǝ B uĞiP{ګTԅū]V>zs5!0"\J;3y,t,`u׋~D]P{-^XB L =X2D(SK(HQ@ix ~ &ԍ]0K>Er![)*8_TSf˷o2+ &VOEcx̥5KaD{\)U Jؐ@[.f ; lG IVsH/)tbZ4據>`t}G="T=ڌxtJx]zw Г &pĥtx V@& u!7OVn͍ݟ:vۯ@]V@@LYgzYoA %!"B;R#&jֱ^B5]Ԫkov2Y^4pMU}(yLA@,nl`bNJNEOv?K<%jY^A3A Tr0O Pm""Tԧc^xK" 6<_۴W%†ڹdQ0:] ({Wyzwq\DR^ls-fUl=GvWGۮń]B^ tdb=WԱgOyik*mvN[ J33+a+XVΦ0U)aG@`1\vhk@S0BMr`"oZWV) 5P~juռs-@:mgB; ڃE E:Lw귎}qow855.\>NzgG;r`?=u*zCj_2,Ax-r}i֫ѵDīf?p_E XȒڔg<-ėbG{țn`LPPr`c3tU3~6JKxwwUTn#?]d#OGt'z@QqŠf^+<  @Ȟ#QYG?<C n|%F aֱм+ )Q>׊5z vŽW5Tk@BA|p܄@kHիw$deОxT##-^k$.ZC;[͹5ϒK79w3 譸bN'8'tS`5Y~cz9.re8."tihfp= r![Ovy}=;:vzd7q[Z{[ۿ jUT֍c~V'v "`~8-}VϨ(h  p \vhz'S:Yvզor`=ؽm@n@@G9=G=Wp@(\Uln~:LTP(Y}]Ԯ型f U}ij71[leW=8}dy_Htx5h,{.j#}d?13 =<nbPb`mE)mQ1oŶi l+7+h+ $x@|x1", p:j`@7eL@>%_SRe?( @>p2@?~?w*28/_k5].4%aͫy59 x0ovE ݟgw@C$@D;N@ zxrY|&"BdI4{gAڿ+zr/a @I۸pb) NEj8W;@̃~5 {UR.iiN=v`F11"O48F ̣7܈@IȎXOVkfLn~OͩkZ˚ tRP;؜%,`7y}?di:M:Vƞ( sy<ȭrth @Iȶ*EOmnjՈQuKTM*/Qj:-Tgh6%3%F([_A&z}*{coooqܳs`\   z:OhX=;4?:wyvR?ڱ/?|w޵ޘ-l"pO & 7$i  p7{6x4G/R#pul+Vj{U;يF95{Y ZS-|?i}?&߾#pWSA`5Hz7U7[tƍkƼ/!Ye>; 4d(֮=qϛa8< .~iU\Z},$pMMg*q@\x6 :ԬD& TK NqиBjc;}5M޾]XN&۟y,{zL?\,ұf 쨊$fMiLIk3egyV]uVs*;7~*ei;ow垅!_YyrJlg6 H$dۼ+EOmG\U'.KЯ`ZHχUv2|`J"@wG-PИ>e+xBټZכ.=SjL5խg*}3%\ӱ}"/BxN׸vUUG˒D<Fd8Пb'~_Oē8Q6M+ZnҰ# .M.% *R;ٗ(D}_\J0ʪ l#C lmWW6R.I]|-%kIO] F BbӁo;S_@aGc SWZOcD"̿ I`>x-9ej8c.퍼} ˋ=ӟqť|`RuJ:kQqk毜q% o: "Y̓/;~ !@"d_J1SE9iE;mAN# o+m `ڲ AL;|p lm6j~1 hBT Ǐ\T>5Kyg)17)ik}vCɓJ\@ҭC$,]x5tͻaR0O"P[ziBK'>t+YlU_6^x▴b/>"Grxj +B3[ܞ~sAQwo9 2T@ޫYc,j8Wi@4C%-kf+'V撩ͷ&g . NxNjҠZ5[e?sB<b![ U^*_6TDiEOJaS?b뫀Who/Uy գqA=;q2t'ה}~)s+X`cMܟPýSiϻ'@J$dc*SW# dH+Ѡ)uQ,,f@㱗)TWe=̹> з.޷blK5OTZؑ `F \) Wo|*צ>=akzA_lSrTJk>QOJhnOcAGG AtL׳Z*Fᄚ-~_\tlVRΨ|j(*(.4ݛaf?$q!g=uAn>H$ɣ lGd^*mտdEHtףp<6t' e&GT2 C<;7ޅHv+̅SJpԟ^V^[~M@DhuϒVw[Lڷ&C..yJ&!Sj_BSCjx`L J:7Rw\uXe @Vq)֎*Ѳ͖XX#ğQ#QDFz @.d*6>\kt>Ň3إb)/T͞Oy!f}dy5/$ju>qA{/'-ce _Mg6R}d&<[kQ`YoWcmrz?HK鿜=O[y\T7`t&dϢ<Γ- 7A8 !{3"Fy5mԲbvKȫZw<]֑ m[Zx\sk,Ƴ3+XƝ'] 4E`&4~!_=_n?7qit>p|N:!h  D|nsSnl!xЈ&ƪWn#v 㒎m-ox_mwq;x1M;3,3%|2_}+W_yˡƽcRUo]:aflXWܱίxiɵ8%(ԳwT~x7nݟ>@ߐǽ_]"[MvŇD$dGUiXus*;{__%=>\]5@Ů:7`Ru-nsқWe \5-E?}/yM;i/ԝ~UWڡ %!<avҘnNn'TZvwۋQـ)C{J~7>}MGD% DWt^=U0^F`"4KQE݂? 6\j5krTt$@g=e2e2fXG2/a@.&Pc*i;jD<\ ~INUv.>0<<UGʷ@Aֽ &F!)+[  p \ӱ}"/…9E}G ϲĉWBPWQ55FO& gMǍSZ\OqTw\uohy%@] 9F|-71O% JQAN]/,S[Lo]i_!ZfO.0ya@U#5y0l +j6[{fu c8@{ >kCqC# j @%! &T+}t*4`4:rvhd`@@ddColmsUj[َ{){#|\a+H(웣K*f!;<'uљaA & jV x’߿IC z@TZ@Bl'^BK˳C>,< ⾰SJztG0t[N !Ϻ˻A;>z h?r>5@rY/q`\V["z(Ϭޙ_g7g܁~zN*ix! orq>w0M8N$dGUe sFᦉҵjR`jO|./~~-Pv^`质!%/yK٧\pM; vnD[Я??I UrkOki;Zrn=\0 lYy,B%êxQ5?c)WtϬ%F)Uf>#%› Pe(y X`^I}AIbPSkJc;z%XX#zv8,qѥb^\_Χrm"6䲒>AI_!(=KW{Cs <r r7gkE/3w rA3\E+"c:RvF}SCQAq^4Cľ漢!H}Br{0ۃ(~,zy,jb-I%<@.d۬*L|WEΪQ,P2UnIēD:vIqi=楣qnkT"؞)5eьY* _/I"4{\Ul /MTD:ATf0'EuWGˋ5*Gr|9_sUAX -a^<4t<#~j^Uj;b>|ESr|[S@7z9'wl*Mq o&'{y1w:x7g    7 I    6kP| ktWP o DWs.85̉5ԤVjmq x5r"} L @DY 7;N` ;M^HŊF򻀽}^'1F|ɉɀ Ǔ}>'w^ 0KZZC}<֑UM"54}lm-X\#F_x&U^F 5kup*v zXyV564񫨥ϻ*z@8m*U2k=T9yޔ %GBO VTw])KJdFƠ  Bˉˌ΢:6jdsX=-? fbJAMJr:CCOw  ȅl^If=w[̶֭UZ G౎~ke#ˋ̠LV$ r=gG~ =& LU3{"dE,e *4@ @%Z\o1I /-8  [ }xdd\p@@@@-5͸Kr.^ֽ jai5/[X#G{ꍴ͹D#{tLV#ͦ##:\D *-{)4DN:4̭n8ϢD&\]V° *wtem*v C%|7IENDB`n 7;7kcs[PNG  IHDRP sRGB pHYsj ZIDATx^ۙ6 F$4Nmox%a, p(/|q׿a@ Vr@8%i @Z9@u ߅wι.tOX?8 uE(Ƿǟr<|'pƫ麥o h+}D"{NgԲtT8p.{I]׈[KaZP3yDCԑvzY#F}*֩_N0>*K+˧P7%1&JiV=IST6ҞXGqu'v)]&~blNb+K:%.8vOȔgx!v‘Eii$c)ISSY_$+-Ch"Q+S$gjy(RՙTnu'CC-bgcNpM9.LzJ%!{[Q5Bc2{gOλQGoO}|) HfR ͫC)jpo\1ZR}FcL[ʻ25SkX*)lJrgu&x򳉄no-=F+[[߷^~n)) ;5ϱM"6kyt(zЖy+=~n)|FySwdEECJN>S"/! |}ȫqּ2z\kYge9T1O};i:z5ӄNPoC&I_|)`Xh˧VS42m_2eI$zk7?ȚsJ^)%R}+GK8ם?j ]nrC;@ !` &L@ZمK7U^1 lE`Vn<@0 &VϨ P<9HbJ` 1*!<yh 99\ <1kM}>=܂Wfv7! 7G^ِ*ַiMD2:( N6SWl4kVD*@ XǮi&u[ EDP)b!]LVM1 #mՀ:0\FE+#g˂i8䏇? #(A)z2ryPqh$Тxە6v σ?5/ /SөCy]OcC+V)*Nh?-L@`-c ~ Sz8OyeiftvV ǟk;xV޹؁cz A;9Jswr=sZh.hւIENDB`nKqdzPNG  IHDR`}sRGB pHYsj-IDATx^ (FSYJ{iRf'5(:ur*~ o߾>.|A``h@@c@@LK 1?+k$6Lkoi??>?DZ),1B5LChjwBr -=cFm60]wg+LKXQnSJRviO_w~EDН !#FxDiSf~1 ˞u7&\toz{m`>O@!/˖< \C>nPݎĜ` ev{"} ry[(NyW7894hy.zHY 2J?@,qJ>nKs͟aty&)#&AONJڅg{OdS]."zKޢ_@۟% sA%f!\Uaa.A/11 #"hkÈIᾃ"8(!2 RXba6pAp( @?"Ʒ%AI Bvn;*=9z=o=X zh>hdy;Uֲr@`HA N%yOOR&Xbk4Ih2T.: |X⢟/.$>ҫҽ6FaFFYܗ Ӎ:YNߘ`D-ݛ5Jc @M<"7 (pNlB3DDނ LK gD_Tk%"}0`xwW*gAJ3; |UNwaJw/(p#DMק2_^Wo5 AqOSI%gḓ/K۽ƀ-{8ftJw*U۽M`piN!J);{ tǸ|k۽#E% ]{~.![~>7//{x=t,qJ=^бk<"۽w]'QCG-{[uZ}wx%oRT3!t?/90LE%uR9$$fNW3+ UAnѣ=+#vo+QAD  `SD!'$1Jz~p1hG'89AWISk8{ .}bf(coS1E/g'`A4Ӣ{ -{O \aŖFs5,s%inO 7'` e(- ݐ=t, V 0:hKv\/Nޗ Gyuyҽn)X_7:Akr"$ mt96t}cR0 !‘mhM;IP+D ] 08@ 0@Așb^ӡ04 4-,6S),1LB8M `JvqBp:m5mŵ>/Ժ.#V~ H_#L'.2k2$6J,kFImRa\g޲ )g^䛷A-\C&\WL)e9_^'6ᤡY?@lV7tSθ^Nn5Eo~{/Ss!(p5X]MK= :\|ř_lLNJNbMڅDКbyq1U_OSZX^^ ?S)L1VuRkjϑQ9ߙ9ʈYߨRtaXWޚ?Zp8-1$"X_%\^)BN&+$c)Fw(MRjG a9mbDj0^J"{Uh~zbYn]ro%_/c4FKJA([ڈz'o!B18.,108@ 0@Έ ?;(' p(-l7)iy*gHI}x)>(0ZE?8Og-[.&Tb'{j S-"uH%hb9࿔w(! l}!T{N1.; paM#pN7ܵ >CHxl0Ovq_?HHFhC|>yˣ$L Zbmw7Ҡperi"P&>XDM ?5ayBy )}-b!([W{ޛoi7/L]瓒Q=ɋ GS+|mPC6KSP>e qZLu1^ڃ fl- 0}Ӊ:{ yŘd9MUzN+-hwG"%E4wh/b̓ ;'rQj44&@OG. GK ?h #. G5Z_bJ ?kw~GbጁB@rG@j/]C`##NEpvEr! APAyqۨ G͜Nu^-לO =DP~0wlE@>'0wGu̴ҽGbuv) ` ֝GJ;[nN5)/Bwss=Hwcs뻐7O16-U]xD+OlA<Zצ3^ '%_;FKJ @2ļ{0P XbO@;3AO?Ok}cBIENDB`nh>D"'PNG  IHDRpr%3sRGB pHYsodIDATx^m'FݳYJv2Yg'YJvCLJ (>îtEg}}ޟ?SoZ &T D?NZ@@ԧz@gsq"<$}2q Z^^Ee&UQM2M y?*5zR/:d(uOOZ󍔿iu7gaZ5˙F- kU "PEoe;[J?{薡v?rn0zNz$[&M}nDS  ʏPfȜ!+𑇛 pP}xk6O>`Q^ Ca-+6c=77+&?Yu aԻ|Nzr7 ̟I,dv(lX9]Bspӝƶz%n^^X[,/zOƨX?o@RYnwFӳc+ձ!d4(YN){3)y c7s.4wy_ժ}: ;c5Q_ 2<`` 宨@pކ_Zުғ*1 +_Љ&ϟ(XY"4DjWpeqDK"tNhvPn%)UeP\|[u54׃kCQҒ>Ah=֠w:T-GOtp(*#o&BNtеt<;i7B+wv7% ba\WKUO㖍l0ᦂ|mak]A<_.+GWۈiZJT T^JɬO2XԨ""Ouf)YSx2E:[+vP8 M~n(J.(kȽ˝t' FM P@yGN9 `pMpѻc9±m@:a*=7_0o2 dF~F:ۯmJ4 [Tb؁2 ./فl"D'^kNg˳v.rgzSPLq.uT0nedп?i"ZxpN@\Ds] @ra.$.de<&^U 2.TŷӟC$[TD C!C~>c `'M;?XG!CI4OձTUzˣbwyU)>,sS5)/'lfC™ʱ/@s\{7PV,P {) |w}t)^4@ۂN,\@Q HZg_i! h:G,hiS1v2H^V0pEu,%Tzn8gٹbt>.$}Y4peڢpc:ލ܄WQ 4~qɧHè-;%'75&0E<х pd(9JPV҅Tǃw&%,r?վAL*yMtqfZm2,.!_j(61-ik}Gy}Xhr !Cy5GH>ZyǑgUR HTRZWXP> s (.Uj?o]7X/(ȭs/Kb{@?u`IhVJ߮9V[IJFm>"ֵW[}MhMɱvFepǮxmʹGZł'>uơjo=#2zYyw,7M{KߡU uRPrLŭCOnȳ"ߜ* 'J8P݋飫S].Uȱ<44G}9\Ь-||SXElcSJ3 a^atѓU4uc ^b-aCrh  ' E w0P4&*ʖ8aXn'oVM'l:~g_/*(0I$n7#"m4!CXZ^Gⴁzz@'2Az-= d!\QoIvR n S+4ek{j( 5=b?W1M4P̋[@28Z=KU І!ۥN B+[2&bUS_Y 3";l2n@:6迠 rU*Sz$n.A3˯\~  ",cχ:jh]*2Rc$<~eD*!Q7ַ[؅z]!v69mAu ^-$igi1X|{j t"/  >֟hjݐoFx`?,>ҡA֎)#v(WA&{{ƕ,8KN%e}8f,I}d[zԧ/0TJQA5}*@}RZ㳟F|'sn0& ж_[n?i>Savd?O9_ܢ)5T{9oAN / 3^Dq}jxHk<ga" > = ɟ"yv ytɭGsTqUɦn`ѮJ)ԏf%v_.=Uu׵^JoǦ Է6'ՅE,yi\Qsr5Lj _B1kd{% >OK~6(w=Jv1 [F=?S眘)מv/:ν[3ڛ7d5}oȷ-y܎| o[l5 >נ6@ 3-[P0V#~n=*jv'C+T[,YC`ʣBH+c}H:xa=LaMl]Oޞ_[.ꣿfeu|fүl: S'Ɠ8Wsi&cf9rinfoK5R _Q_rٵuָw֫[.5~ZB |>ϙGK;9F7ַS Y9x,|Nց RU+Wbx\I>ŸH@`^0?#ȷ݋|ZN0-J @@ g11Xb onr{@M'#uʏx߿63Aj'@M'Mi=;+=j'hqݤ't0f֫5u8_x e*H.δ8U9'PR 1sn r|ګZMς>@9f3qin|wK0O0n;2sr޿^$je{I`y%ϲxb~Y{!Z a+r/]Nt/wA>9q!Mzҙh)iþŠ(5iR{|ꗯoL\je>r! ?wM^IrcҳB;nOK x. WIz_XW[L"D3 5OyN>y̏l=ֱ4sբ^O s%Ph@N@(4 >?;i|Ehf >@2,Â55Nv`<{j`"3+|\Kƫ̚ruβrqNp~SB~ǃD}s_/ߐv&*)S߬W#>FI˗!`?>/:gu.B@v7(EPAm @|ƴv@e懽S|L}^0_0?8BsG-&ٲaz@̓v9rQ퓃Rc-j9>ߐ8h~ 8MWp:D~ЩX3Ꞝٱ4̈́Ij:*nsz'2Wj(nsk+lt[-|3:Ө)X:#!|ԷУ#ՙ}߸4){'W'5 ,Q<60Aܒo媂̚>k"x%tEyWZ@1 Ќs3d">u SYw:[QIENDB`nCq]~>hg朳PNG  IHDRqn2}sRGB pHYs.>IDATx^흍u:F׉g+tdN^'t A( ^ҟ0/ (򯯯ΎiA5*ykL\Ŝ @'?bǃ=; >>n.O=sr0@ 0Kۿv}<ܣ m 4cB㗗iח"**wNd(tBMC5\3-"@.^C:>t0$s1@2*O$L3· >+u]"z_q z_ FO6!! 8]U7DUIAB}w:.1ps5HF9/ޘp^ #A*6L8ɓN@"nt^^b.i#}AC4e}VQ?K+j˯R^+t2U+ "z=8|3XWԻCoEbDGv$xBfZ\v5o@=J*m @`&iC| \Ɔ} f&ϼ:@`+T~+AC*? L*}i`S)w|=giqGǵ[l8c@>;wʖGSQrayf#lͲuPB @`6uwK<6}%ly}fvMei s6RWAˡ"A4PVїJ$N$ͪa23ʓi܊@]9iE%p$0'~.ET믚\&*~EV,19Ɖ}%ݓ[mJ&  $PWy //h\LHlj`*&pRTߛn-[H,S,0z݉N B*]*Un #ƯBC@c U*&h8rD~$ՌJ]@,tܙs TNK\.]Ÿa6;,/jWT=+zKb0m=eewK@MܙTuQ|}5/ ^ 791  U>yGlǍ80[f"b@`;Q? mH Mݽ%T~\@У- qgvo˿7AS@a^C%*UgƚۛD$/ p%Rlfloݕˠ(/?  WZ}%?6CA`0-]^坘?]J  x&xݠθB2 ]̨DU|-@e XͤU^$5Vս ^N$/d8@J@$*iO&Ums*5`o|q/ ! sIJ^T>~APjΚ0* q/%'Ry=@I^~5&=A6Py0po B= A&͈n @7jRh7PFT#*ؿ կp/ &oMҚ|7!CpgT@/BZdJ|I(b+|G(﫦nW[oeN7! <추)z]}T_NZ|cre)xJ;MC\') ] ,~`#}Vk;_UY+s%[eW}fTyb;\sU2ۇ $cةϹW2j ,LTpfZi {_Lq ,7}6WR(z}?~/[]a$ 6`iO&EUpF]w}_>UsWP9鯱i!MUtu2>Qft16 VfkkC 2!2c" |pө|kh/QԭA)4Ǔ8W28F^bnYOU^b_'/_%WW@x,V00Z[:Wyi;j%$f3u%PVn m |Ie(.cM!p M<E&'\yr@m4ͬ;'csښ10 ;:zK26vXB8@ċO^9 `!08/]6gs&2>Ŗg-I;/Lr}«$^?+>rZ`'Bw,_،* rV?Ƶ+SUL> _2~R4ٹ6~O@N~tB44 ^-׺Iy\?ɄO`,@8__', v[Kfo ],M`|,VeԸɐ1B; ==>CK`X)6$jT ~F5Լͨ1lV%K=Uu\&uX>]|Xf59z; KCE;V $Mr\|?[@yyذ @ahw vHPyMT nh/.PfRo-ˣր 4/NX~Օe^˳ L;IJ0\tG ױMTwCsIqЋ.(nC`nٮCQ rOa6cE*wòBnCD+UU΃ ~(ݛn+|!@^~+gJm%Xl l<+|:_.|k阳/xfVdoEv^Nr}k:)MƮ)S`P%sVAvȡD;:q3gYsVφ;ks}ೠ1c ו*^u}0,\g^,|@yy*OtrOڟ6mT+<<:ԋyd(j9,܅|BRg.Xnв!T ^y)ǦD0 09w&~|=//KLp8mI[Km=X |Y/Hs5Ua%]3Æ@xz"<1" (G2~itU~BSHnQ9>zYc?3%@s3: OE&A8ŇAa@`ߚ\}={>gGp2 ?!@UpU_J{ny|= t0d[nWŸE+@ %Wұ|-UA@+ RޞX>Nwj]T!Tso67:TY nq,g?b*=cr^WylvテmBN Bߖ!@`*#cy鋼T |x!>{Ugl&F+@ ?c36l;@Gc87",?[ wSEC8XƇ|TnݕA؛QoK')|7C8@J wE= L }۽g @SC)*x<& @NUUGޚ1 ;lFS79$~mW8 pu)L+K+W_0 `'$b @D"ux %l G@%>ʻI/ٛg@%=ޯx) %T$>Hl؈;/v:IcsRT:}bZ=zO;*IbkB劉_ӽSf +"&o0a򘄞({sLx9Ք$@xG*9 8%M &ƽYLX`zUBN^xoeq"OpPrs/ﮐ_U72Q+O{=4n+ӭ**Be>[i_Z*,:,ͲVkIR4="cm BiosQ+?`$XQNhAD;kAU((.|1-Έк*~>WfN?KZ?wLo~HiƐq˽LSo6b*LU7&>غ-5̹Hnnc0B'|W>ҙe{}kJ;Z+Ik &Jv^g«'w# ꦋ^uᆖQn_u#|k mZ!+y"SyGyi{0$^BC9]mFl@9e93m➶IU}-ۥx܀S/4Q~!^Vv?a}kA=I+龾ǍN׾n@ikhyVs茹-^) }K"ɪ~R0{Gy%4Fl$Pܫ,ŷn|{?g\̚Z H`sc8 9ւLte{Ki]EBNAcU͖"`*nB= q [s IF܃59oT3Bָ9v~Nr"0eOw"1pS9o7<'[{O6T߰@) Zs!`"B~N<'s1&2=\MhGNΉ~vo 30fY@pO[?n4:3vr^F>p:|ANyI?'ߝƏ ;qp?'_WMdљ-1#`{>tkr#y'AR垁~RccVة8Xls&j*naP&As!?=vr9o4 *o*3vdW4py;9g|+ޯQ1eyB)k>n7i+T`Vɝf:Arκ2V-_E|#q6VQ1J_% @ݏZOy1uji 6^L}I'"i#Ij1U_%"UfΩlEYC<*2j?{nd`{ro; ~Ji@,*k0ޖ8S =4`ҾS\IfTJ̗؂cE>R'b7摅'5L;e"v;MuH 8debe^MMݙn1샀͜s| !7sHj[ _[tקbOA@_`#^+G,T"W&J%VWUF/v)z!ٍS8$?gϟFv*=?՜q7abZ^n=?3=9KWQ, /ꝡ ]e<|MS^(*#5:𢎖z*#X(-=@jOV]Kt7R VC|fN@m_/ :?&K'9k3N1GE -zg{k :u( (`6#ތfvؤ KegtMGKt8,EYp nh}ӗ-. י-C|+? N,rhYW)T>jE xRKI^:YGDb 1'"ii> P1̀#e~0Ag@/lapyBy'U"}s9&0o&Eo*D` ta͖ H X(ڿfY(JD ѾngEQl]k>'Ciz9h-mT(g 0]VP,`h8ekh.\Mh-m׀cIVL'R,@(F'dT\xG &YtYFhH|*0^T_D)BL#ƏЋN@h~M&#@w2[7adJXʵ1^trlvɀ^T5$ iGdfWxstnibhδЮn^3>xQ(%q+myh[kfJ2Zr3er}xto]SMkh _/uCnFe&C./L.Z2Zt ߌzuk鈨8(b>wEQw~~3&KBhrUb6ZV?"M}+=\HZ ~'o,uE} LCX6"yQf^ 4D/z6^/E7]:hEn+b,O"@.VD4<GAzd4 b*%9 @ߕklb60^T nhF#}$@f3&{8WΤ(yP|HyP$Ȏskh@:`]saD"E@D,YP1"@"OF^g ERŏY"۪#p`۴g}0T]LpPZ|Ǘ9ЋNFמ~ͫttRSHZ?0 XW[X=NJyш>a|DI*YUDT@- E+ MB']() C߻h˓Q)+IHl9ECȞ>3$j,'mFѨ.8iǨ9 S0/Ȭ{&%<00EK$F?4>3d: Q9xK.]} :%tЯ?_`ǝ3dtrF7{i>]pFHà轾==,=t EX$؀ I"G^TK @gD@!Mz2?ߪ*FE*WËjќ)Kĸl nBQ') 1hv/&˂EJtnp0:thG\U|fNh1( tGF0*8"fҝbr$4K{T2+(&9EwA9Z"ތfvؤ ggto9fj뢃,Q E73 / י-CO Bitmap Paint.Picture0 Bitmapz0?: Bitmap Paint.Picture0 Bitmapz0BO Bitmap Paint.Picture0 Bitmapz0GP Bitmap Paint.Picture0 Bitmapb/ 0DTimes New Roman?|dv 0|( 0DArialNew Roman?|dv 0|( 0 " ` . @n?" dd@  @@``_>*whoosh.wav.WAV 10103RIFFWAVEfmt ++data~~~~~~~~~~~~~~~~~~~~~~~~~~~|||~~~~~zvtvxz|~zvrnlrv||vtrpptz~|xvtv|~~zxvvvz|~xrlhntzzvrrpprrx~|j[QU_|bICCYn[ICY~zlnh]_r|]SUSSjz|x__l~v_]drnUb|nfd_]d]5=rrnj]jz~lMldrx[[_f|YQfWK_xh[zx[CIjzxxdSQz|_fI9WӹM;QnvK;OUx~xj]]YS~ɵlM?plM;CGpٵ[)Kh|% %;xtKQS]ɖbGr|lSnvz~nfS[nëx;Az=+AYݻ|=/1r_ ?|潄W5/Czãf)/pvbMQr|O=OtjdhjlG?G_ɊK3לdQCMppW;1SŷAMz/#?bx͖SAM[hvhYp~~zrvt[]ptWOUtxxd]v~vvxzd_xzh_nrSQltbdp~_lrQ_l][tf]W]~hWfp|fWhnhbU[hzlSCWbYbnxpdhjvjM9Ot]GQ[dpp~hhhdpx~xh]Yntnrp]dlvjQMb|vdjpzxzztljr||_[r~~jb_j|z|xpp~~v]Wh||zx|x|zzndhpxr]Yfntzjl|z||~vppnrzphrxz|~|xtrjjtv~~vz|z||xrrv~xrprtz|||vzxvx|xtx~~~~~~~zxxxx|zxz~~~rrz~|xz~~|vtx|zxz|~~~||zx|||~~zz|zz~~~~|~~||~~||zz|~||z~~~~zxzz|~~~~|~~~|~||~~~~~~~~~~~~~|||~~~~~~~~~~~~~||~~||~||~~~~|||~~~~||||~~~~~~||||~~~~~~~~~~~|~~~~|zz~~~~~~~||||~~||~~~~~|||~~~~~|||~|~|~~~~|z|~~~~~~~|||~~~~~~~~||~~~~~~~~L7carbrake.wav.WAV 201026RIFF6WAVEfmt ++data6~~~~~~~~~~~~}}}}}}}{{}}}}}~~~~~~~}{{{{{{{{{}}}{{{}~}}{}}~}}}}}~~~~}}}{yxvvuusqqppnnlnnppqsssuvvuvvxxxy{{{{}~~~~}}{{{{{~~~~~}{xxyuvxy~~}}y~~~}}{~~}y}xxuxuvvvvx{yy}yyy}~~~~~yy}xvvy}sps{{qiksuqgiqsqnlqusnpsx{{{{{yy{yxqquupnglpqpnpqsusu}}xxyy{{{~}}xxyxvqpqvunnqussssssqquusvx{~~{{}{usqkipniggkpvspsvuy{xxyy{yxy}~yx{{y}}~~{uvvvxunkqunlnpquxvy}}}vvvspnklkiilpquuvxyy{yuuqppnnquvxxuvvx}~{~}}}}{xxvpknpppuuqsslinqsusssxxyx{{vqppkilngablvupq{~{y}}vyuuqlkknpnkilllklpqplnsyy{}~}~~}xuuqqnqplfffffliklsxxxxx~~~~~~{uquupigkppu{}~~~}~}}{y{~vuvqqssv~}{~}xsspifdddfkpsv{~}xuuusuuuusvxvvxy}~~yuqifdddbaabfa^_abadfflkklsxvx~~~}}{yyvuvvvyyvvx{xyslgbgb_d_bilqy~~}{sv~}{x~~}vqqux{yxx~~}~~y}qx}sxx}yussx{{vxvupgdfkd__^ZZaa_aaZZ\W_bgbbgillns{{}y~ygabi\TTOPGGJKH=CC;CMJ>@HO^^_nqv~{{vvysnklqnfgpvniv{ulnspspgfnvqgilxyupquyysllpnklqvspsyyv{}~~xx~xxuq}qgkpxskkpqlillniggglibb_bfipppuy~~}~{xsv{xvy{}}~{~}yxvvpkilpnigdgkgd__gkkkfdfinnllkpnsvusy~~y}~{}upkklklklnqslllnnkkkidadiib\_dfiiiinvuxxyxx~{xxupipnfifdggfaffgipliiiffafddglgknpv~~unkpvysx~}~~~}{y}{nglsupnsv{{{{{{{~~yx{yxqquvyxuqqy}upqnvvx~}yyvvspxypqs{yi\^^YWPJKKMTY\^Z^ipssxqpuuusuppu{up~x~uǦqx}s^HCUP=..33+"!01+)18>JOT_nsu¾}vlf_UTWRJGJMTWRORY\UUYW^a^^bilkfadluqnusv{{xpifksld_fg\RRYbdWT^inliabgkgffdkibiqvqsx}~qnxsd\lvnYTagaYPUa^WMMRMKKPTRUW\_Yaknnls~xvy}}pilppkbdbZUZ^ZWUYZ^_a\^bdknlllqyyy}vvvqifadZY\UZURUTRYU\\UTW_d_\abipsx}}{v}}xpsxqukbgl_bgnigqqnnkflvg_d_dkdZUgyndaluliianxunpx˹ǵǾqqd_UOKC90=;03>CCJRUZYUP__UTgidpx{vx}{~}xnuuҸxdRRJ9,&!  '>;=Tlvxý½yppsxgUWWYMB=BRYTC66EJKKMMRWaa\\bgldZdqx{vv{nZ^lkWKHKJCB813==9CHC>BUYPRfnkq»{vxy{l\dnliffbgfWMMR\\Y\\^TR\dbZdqplv}{nyssy}~~}{~vquyvvuqusligZPRYUKHPWYY\abkilsux~xpuupnxqqnnnpnqkdaYWWPKKORYWZ\^^iknyua\nxupv~vy~}xgiqpkddffkiinnk_fnnq^ZnyibqsvyŶxnlvpfTKO^_WY\W\^^\\\ZW\^RP^b\WYadbbd_bigdk}~^vȶxffu_E835, '+!$9MRWdxyx~Խ~sx{xnggdWPPPH@GJHKRMGMWfaKRi~xbd{~ln¹¹}~{lbpqdRKOMC86335056BJGEG^pxux~~Ŷ}~~yps}yv~~}xu{upgbdb_\Z^ZY^bdpuu~xss~}xxv}~}vupkgaWTY_YMMZddY\gsxsu~}{~xy}xqqpvxsslpslinlafffnifpx}}~qdikbZUZYa_\inffsvssllpi_\iaMKYkpgTY~basöŽ»pn{udWOR_bJ;COYYPMMKC@MKEG;BPROU\_by}pxʾn\YOB60,$ !.8EPZdyʾy~{xuqlZOOCCORMG9=JKGJKMask^^daap}ó}x{yqy}qdWKEYRJY_TJPWRPWYafdb^anlgu~}yv{x{pln_R_iliaggafffgfblqllns{vpivui_^bg_Ublfb_ipkki_bfpnggip~}xnillf\YUJJKMPU_ag_^gu~~lfu{lTRlxiUECOYE>GGHKEMMZbZds}{Ǿugpyssifvsdddf__^^ZREMYTJGC_kPMi{kks{\yҾ}ugUEEH>'$')"'55,1=HHHKM\kx~}y~skia\adUM\YYgZEM_iaKJk~y{}gZZaaZR\b_ZZaafpkZbkgddY\nvvu~vnxy~~~ndgkknkpnklxskfkvpgfggUYssgiks}x~vy{~vy~~}npuyqlnsy}sknp}{qx}~vy~xpuxvqkqpgbbgngggkpqx{~{yupqqkad\TROUUMPRT_fZOYdspiny~lWWsbMGYqkWPTUWYZTHR\\HEWfnYRuxg{°qupaWMG8+6$"+'0356BH@CMUMUpq{xy}vxu~~silZEGOYUTYOdx{}x~y~vvxq\TfdZZ\nuigkpnnqvyyuux{v{uv}}upx~sdp{xvvnyyvqik}vbsxipubv~ysy~{{uvuq}uxuux{y}x{up{~vpqspkkllnssgW^bgqpqvu{~~yniys^JGbqaP56^iH@Y^xx~~xiuuiakqxsdgnuviTYbquiWUfZYqu^Yfafyv\iäŮͳusbldTEGE55@RUWYWTfu}qadikpdYdq_dynfnuqpk\gns~{sknvya\nnfg_akd^\ik_p{}}}y½ydfs~{nUTppbYYgnlkqpiluqvqxysyxpvy{ysl}{~vysilk_glgsuiu{plpngkpnqplpkbYTbiuqs}ys}xs{qsnklYPOfsZWdlxvi{{}{}un~{slv~qysnu}}gZ}~kqn~{pnqf_Zpxvvfv~~sY_qiRPZ\da\\\Pp}{uu}pq}}pu^aqsuniy~vs}i{~q{y~{~}}nknplld_Y^gb^Zdqv}~}{}{}y~~yxxnqkq~xx~y{yxv~y~qlxqlg_ax{snki{{}xx}sy}{ylgy}}{}~xss_lpgbZbiuulpsp}}y~svyganuyp\^pvsigu~svyv{~~vplqubqvu}pdnqs~~uvq^p{~ilqyub^fvsd\\\b_PHOTHYpsl^f{sbnvv}}ifdaaiiWbqsqlku{{qx{{v}vy{vuqdknvupqxux~~~{}{qpux{vsuqqssvu{uxyx{{vx}{}}yy}{}{vxvxsvuqqkinnkkisyvv}yvxxsnnspnqsxvuux}~}}~}~~xx{}~xnnquxvppssu{}y~~xux}}yx}~}~yxy~yyxpsvxxuqs{~}yyvyvkiffgfgiiikkfilkfkpy}}y{yuuvqlgiiggkklqpqsvxysv{{xpgkqsqvvvvsspqxx{uuy{sssp}gZ_dp{us}upk^RKd}sgvk\^ny~}qdbix~fPCMfsuslbpii\M{ykYa}dvTa}^g~lGba;>UnlkKO^{kP^akv\9HfOTlqE;C=\{G^g{bGZ¬nPikPTqUs{aTUl{¸W>KaMTx>G;Kg80TpxB)KuyqdPZxǕuglp§TllE09O^uqlfG3K^Ug}ǸsPWlZCRgvö}^PW\UbpsWWYC>Kas~W=EEqff͹bn_qTHbg_M_qxT61Hfvp”RfC6U{i^~xJKk_@CZl}ùZ^}RBRfyçisZ@Jf}xծqxiCYuP6Jlg9UxuiqbJ3HgaWk¹laidsyǹvdB)!&3WZYu~}bJ95EgZWvŹqdvbGBKi}kK@RM}vnŗ{uJYqG9K\{qgT89TRMdy~pgZGEUZkԾuB1B@asWPl\=GRig\nZJpuTERk}˸nYsg@3CayybusP9CHsv{ʶnvJ{q{R>;pKsŦv9Yl_HuGRvKYOJlplvnl_dvˍWpȩlC\xvu^d}qBHOidKJi}\ulgig~{ȳpCun\~}BWuC.Ck;=ZsG8Osn{xu}pOdbORflyfYYaZ356J_lûlMbWTduxȾ—_iROHRi}Ƚ~\dC^i^Y_Uiudzd_qu;66^~k\_y~TGGkd=)9TgžԽuEpgOTp˅Z~ÙWbZ6'1JfffJ9Jb{}b;=gpunnű_g}kKP^x͵ulxiZJ;KTp{ňxqC>;~Y5JJ~guJ+ig>HCT@avԅ{¬sskPUqʾa@6=BZixŸ{~d85KaGK^vxsPEgyPZvжiO059GZZp~ylaM+$>Uk}ŤsiPaladsŬf8CKWaB;MfnqfE3=EYbp~dBETqg_sň~yf\p}as{lR;;TTMZllM'.ZYBHT}yY@W\uv϶fBOYYJ\}\Wnu}__E8Jbu}ŮRPygOfKKgyȱgU\bp^yqB58KGMbyvP;MWnYnǜU=BaaPbpYlO!)d}=MfnHGYfϧY{vM9\E\l{WniYaPa\}xM$MiEyuygȳqdH6Gqbu}xUq96TE.Rbf{Y}Zq\u~paqv_CCUnfaTi}T9HxTgg{Ȟ\dslnU{MdxgÏOWx_{iuikRk}gOWYWqsq^=8EiMps>anU9,6Zk±^^vsxnRKfy¦lMi{d\U@0JbubJqvkxb@@OWZW}s{q~\H{yUdpWMixMPOgiJsK>Zn_}yklYabZvs_ZYH\i_k{~nP6=U}}{l~dGG_yxbõu~M=Yn{pyqZaY66G\{}qiaM>Rk{NJUg}vfW@.3C^fslkgfGuWfUlx˙ͱsUa_;>Pndsg}lYWORCayvv}dOK>Rafq©ldvaREKdp~Ⱦ_ygRKH__dxld{vnqgUEgYlaagYJnu\9OTCfyf~fdf{»n_RW_Z6EEJ_p}xkG=;ffšpB+B}saZsŸ_5PlifRdyl6=yJKWky˻qU8UpPWf{¹xfO3+@TbqvxlaJ15Rnd_{öǹ^OTubxyyʳ~l\C6Kpqu\vnW.3lkZbv~ydC5T}YpqP3@Zx^pq}siG&.E^}p}«~pMRl{GWs٦\Yqf^ZfsxJ'GM_Wql{\36q~iTiʻfH1B\p\~ùg@,;TgPl{xkM,Gi\Y{axqqqfa\T^YivkWaUluagyukf~ulUKp{ZniYKbyqHRKJguxfdaUUWb~~yypyqiYKPduödi_^^b_U_snO@EUku}~kM39;GWiuvdHUTYalpȹlHGd^\dx~kE&B}fRMkxkM9Epgký}pdYB8P~lfЩpdWG05O{abangM,Bsa^uȻxy~ZHP~kMTn~ëvv_9)dfasufuеqyRE_nxqdP8Eqgf{{gOHWYTkxq_WkgdxsisZnpfanl{{qkUkifk{g^}xqnbi\u~nHn{l\qu}u}xP@y~viuxsgqqvkuY@HKduǾ}KOk}_\TWguaYUnsOH{gffds{¤vxpfvZ\{ngbPHdqvxvd_xukWp{susdU\_RRqpdKOfÊi{iY9O}u{v}f{pW@@\lynvxupx~n@6RsUugdUWa{vß}vuO~\akg_lDZgg1Ex}KOqxuM@akx\qaa~lPYfU\v}y~}qakMPq{d_Wp}~iYksg\y{}6@s>>bqG_lqunTkp^kayaqqluvf^Tisvdqn~xiskZHk^vx}~vbqlWqq~_~qdqqaGaivn_RY^b=WiUpiR_\MYxyqgxxvuffuJBPng~Z~^8=\{{l~âuqqlkxfqqqlbqgxuu~~Zinfgdlvl{suvvsyP>;bs\ya}ZZbb^qRdyKBv{~}x{GM{kqZuf^TGEkki~xnfsMavU\yZM{palÏ_pdx~qUUdbf}~~y{udMs~dx{}}du}yxsbPfq}}ngxklnRJR{iRk}nBa{vYpWnubk_^ypk{}{i{qdvy{vfYWR~k}U5Znsxp}udapx{~~}qgfyxKTxk~uRanPOguJOdbnx}iWpuqZ_fu^~}i}sgki_pykslxuqpkxaas^\sxud_x~vW~_i{~pgxq\JZf\PqxRbqunWkiyknvsugW_vksn}{pklppa}qWf~ukGYfkdppfUk^\pnxq@;xdYvunnd\pqxsfU{qndssqyvZpvyybkkpkgau{v}xlbMCT_gppq~}\UnfYi{~}bZsnZWxiukdy{~fJasukJZbnd~qYkifi{\K^uxubTk~p\kklPJabaxaf{~~svUv{ZWis{plu~bCJ_nnvflfdv{}gM^}u}}x{~}uyWHE}xd~ZEMg}xk>B}nqupgsMnMRkskn}s_R9=OZ_\usgKJnsanfiJYdgT\Wkv~p^^lu~qkU>BP\gnivvnl^PEYddid_g~vp}x~ZRfvpsu~usvRkTP^isuiv˩yy~qgWEZba_uqfdibTEPguȰ}nqZCBWgvͶnkavYKT^yuȫfPp{kigqlq{iy^OUUfv{sTTdaUdqk^KRTn~î}lsTfxsYp{Y_{^EUWUi{uvg}d^Ydin{n_KP^iRav~udRZibi}sifaUHZnba~kTPnpy~_x\yORviYsx^YfygZf}nx}pgZP_q~nxlda\KHWgxknibfdbuydO~~iZi~nkZs{vqYan{}pdROfkxk~nPZuynl}y}v_aRYlyixq^pyU_gYiy^nqaf}_Y{WYg^\~U^pggaUssYl^Zq{fl}a^p{fx^Zni\y\Raxy_yyPTklnaTp{snZuvaxv_dysykgxy~ub\bsup~{niuylnpiqn}sb_n{qsysunvy}xp{{~~ldiky~y}kfnqqynpu{lbgy{s}kgvxp}}llpqx{lfgq{yuxyx{{qpu{vnv}skuy~vp{~vsqnv~vvssqv~y{unqyx{ss}}plv}pluy~yy}xllv}}xsss{vnqyyuux{yy{ysy}~}}yy~{vsqqsx~xxy~xqqx}xy}uppy~xsv{uv}{y{}y}~~~~{y~~yxy}~}}~~{{~{{~{xy}~~{vvy~}xy{{}~}}yxxy~yvy~}{y{{yy}~~~}{}~~~{yx{~yy{}~}{{{~~{{}~{}~~~~~~~~}}{{~~~~~}}}~~}{}~}{}~~~~}~~~}~~~~~{yy}~~~~}~~~}~~~~~}}}~~~~}}~~}}}~~~~}~~}~~~~~~~~~~~~~~~~~~~~}~~~~}~~~~~~~~~~~~~}}~~~~~~~~~~}}}~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  TV4        *" !"#$%&#'(()* + , - . /  012:3<4 R$YT\rwSͿb$3Gs)1b$7;7kcs[ Qb$Kqdzx\b$>D"'plb$Q8R1,⺔ |b$q]~>hg朳Kb$V'O}X/‡ tb$޿ wʃx$ Yc $`f3fff@{ʚ;2Nʚ;g4JdJdv 0pppp@ <4!d!d` 0,@<4dddd` 0,@ <4BdBd 0,? % !"#$ %!&"'#)&*'($+(,)6*_K`L7+8,9-:.;1@2C3E4J5L7M8N9O:P<R=S>VAWBXCaMYDZE[F]H\G^J ` ` ̙33` 333MMM` ff3333f` f` f` 3>?" dd@,|?" dd@   " @ ` n?" dd@   @@``PR    @ ` ` p>>  m(    6` P  O-Klicken Sie, um das Titelformat zu bearbeiten."  0    pKlicken Sie, um die Formate des Vorlagentextes zu bearbeiten Zweite Ebene Dritte Ebene Vierte Ebene Fnfte Ebene=      0 ``  >*  0ܓ `   @*  00 `   @*H  0޽h ? ̙33 Standarddesign  0 I(  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx   C PA8D:\head-bw-background-3.jpg   <߽3 C 2001 Halvar Flake    0@ d.Auditing binaries for security vulnerabilities/(2/$   S X   BSpeech outline (I)   0pp:,$ 0 JLegal considerations concerning reverse engineering Introduction to the topic: The different approaches to auditing binaries Review of C/C++ programming mistakes Spotting these mistakes in the binary Demonstration of finding a vulnerability --- Break ---  @`H  0޽h ? ̙33A @ X(  Xx X C PA8D:\head-bw-background-3.jpgx X C PA8D:\head-bw-background-3.jpgAx X C PA8D:\head-bw-background-3.jpgpx X C PA8D:\head-bw-background-3.jpg X <3 C 2001 Halvar Flake  X 0"@ d.Auditing binaries for security vulnerabilities/(2/$ X c $%   CSpeech outline (II)   X 08(pp:,,$ 0 {3Patching the problem away Dealing with Run-time-encrypted binaries Automated scanning for suspicious constructs: sprintf() and strncpy() Automating the process of reconstructing structures Extending structure reconstruction to C++ OOP class reconstruction Free time to answer questions and discuss the topic44 @`H X 0޽h ? ̙33p  P \(  \x \ C PA8D:\head-bw-background-3.jpgx \ C PA8D:\head-bw-background-3.jpgAx \ C PA8D:\head-bw-background-3.jpgpx \ C PA8D:\head-bw-background-3.jpg \ <93 C 2001 Halvar Flake  \ c $=   FLegal considerations(  \ <?r cTechnically, the reverse engineer breaks the license agreement between him and the software vendor, as he is forced to accept upon installation that he will not reverse engineer the program. The vendor could theoretically sue the reverse engineer and revoke the license. Depending on your local law, there are different ways to defend your situation: dcH \ 0޽h ? ̙33 WO`d(  dx d C PA8D:\head-bw-background-3.jpgx d C PA8D:\head-bw-background-3.jpgAx d C PA8D:\head-bw-background-3.jpgpx d C PA8D:\head-bw-background-3.jpg d <K3 C 2001 Halvar Flake  d c $8O   KLegal considerations (EU)(9 d 0PP ,$ 0 EU Law: 1991 EC Directive on the Legal Protection of Computer Programs Section 6 grants the right to decompilation for interoperability purposes Section 5.3 grants the right to decompilation for error correction purposes Under EU Law, these rights cannot be contracted awaynJ6A D xH d 0޽h ? ̙33< ph|(  hx h C PA8D:\head-bw-background-3.jpgx h C PA8D:\head-bw-background-3.jpgAx h C PA8D:\head-bw-background-3.jpgpx h C PA8D:\head-bw-background-3.jpg h < c3 C 2001 Halvar Flake  h c $(g   LLegal considerations (USA)( h 0i ,$ 0 9US Law: Final form of DMCA includes exceptions to copyright for: Reverse engineering for interoperability Encryption research Security testing One should ask his lawyer if these rights can be contracted away. BCUD;H h 0޽h ? ̙33 l-(  lx l C PA8D:\head-bw-background-3.jpgx l C PA8D:\head-bw-background-3.jpgAx l C PA8D:\head-bw-background-3.jpgpx l C PA8D:\head-bw-background-3.jpg l <x3 C 2001 Halvar Flake  l c $|   TApproach A: Stress testing(v l 0@@0=,$ 0 Overly long (or malformed) strings are automatically generated and supplied to the program Pro s: The process is largely automatic No specially skilled personnel is needed The stress-testing tool is re-usable Con s: The protocol has to be known Complex conditions will be missed Exception handling will hide problems malloc() overwrites will not be found [v[tm H l 0޽h ? ̙33 LDp(  px p C PA8D:\head-bw-background-3.jpgx p C PA8D:\head-bw-background-3.jpgAx p C PA8D:\head-bw-background-3.jpgpx p C PA8D:\head-bw-background-3.jpg p <3 C 2001 Halvar Flake  p c $   SApproach B: Tracing Input(& p 0P@p0,$ 0 A reverse engineer reads the program from the point where it receives input on and analyzes the code to find possible weaknesses Pro s: Even very complex conditions are found Con s: Auditor needs to be highly skilled Nearly infeasible for large applications Very time consuming since one will be reading a lot of irrelevant `tentacles *(H p 0޽h ? ̙33 t(  tx t C PA8D:\head-bw-background-3.jpgx t C PA8D:\head-bw-background-3.jpgAx t C PA8D:\head-bw-background-3.jpgpx t C PA8D:\head-bw-background-3.jpg t <3 C 2001 Halvar Flake  t c $    y?Approach C: Finding suspicious constructs and reading backwards@?(B t 0p,$ 0 Certain constructs which appear suspicious are detected, and a reverse engineer then manually analyzes the threat they pose Pro s: A lot less time consuming than approach B The process of detecting suspicious constructs can be automated Fairly complex conditions can be found Con s: Some vulnerabilities will be missed Needs highly specialized auditor |I|HH t 0޽h ? ̙33 LDx(  xx x C PA8D:\head-bw-background-3.jpgx x C PA8D:\head-bw-background-3.jpgAx x C PA8D:\head-bw-background-3.jpgpx x C PA8D:\head-bw-background-3.jpg x <ό3 C 2001 Halvar Flake  x c $Dӌ   kBlackhat vs Whitehat auditing2  x 0$،p,$ 0 zBlackhat: Wants the fastest way to find a vulnerability Doesn t care if he misses some problems Only needs to repeat the process if the vulnerability was fixed Whitehat: Wants security, so he needs to read all code Has to repeat the process with every upgrade Has to continue after he has found something The Blackhat is at an advantage here  %  &H x 0޽h ? ̙33O  |(  |x | C PA8D:\head-bw-background-3.jpgx | C PA8D:\head-bw-background-3.jpgAx | C PA8D:\head-bw-background-3.jpgpx | C PA8D:\head-bw-background-3.jpg | <p3 C 2001 Halvar Flake  | c $    GTools the auditor needs  | < @ F w-IDA Pro by Ilfak Guilfanov www.datarescue.com..-x  | <A ??P z  | 0@@,$ 0  Can disassemble x86, SPARC, IA64, MIPS and much more ... Includes a powerful scripting language Can recognize statically linked library calls Features a powerful plug-in interface Features CPU Module SDK for self-developed CPU modules Automatically reconstructs arguments to standard calls via type libraries, allows parsing of C-headers for adding new standard calls & types Great technical support ... much more ...H | 0޽h ? ̙33y )! (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <43 C 2001 Halvar Flake   c $4@@`   Estrcpy() and strcat()a  0@[ ,$ 0 q Old news: strcpy() and strcat() copying dynamic data into any kind of fixed-size buffer are always suspicious@r P  0p HC/C++ auditing recap,H  0޽h ? ̙33   L(  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <3 C 2001 Halvar Flake   c $@@`   Hsprintf() and vsprintf()  0 @u ,$ 0 ] Old news: Since sprintf() can expand an arbitrary string using the `%s` format character, any call to sprintf() or vsprintf() which expands dynamic data into a fixed-size buffer has to be considered suspicious.l *  V  0*p HC/C++ auditing recap,H  0޽h ? ̙33  G(  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <43 C 2001 Halvar Flake   c $8@@`   LThe *scanf() function family  00;K ,$ 0 T As *scanf() parses data of dynamic origin into fixed buffers by using the %s` format character, any *scanf() call which targets a fixed-size buffer with a `%s` format character is suspiciousx?/   0Ep HC/C++ auditing recap,H  0޽h ? ̙33 ~ (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <O3 C 2001 Halvar Flake   c $|S@@`   IThe strncpy()-pitfall (I)  0pV ,$ 0 & While strncpy supports size checking, it does not guarantee NUL-termination of the destination buffer. So in cases where the code includes something like strncpy(destbuff, srcbuff, sizeof(destbuff)); problems will arise.*.  0p]p HC/C++ auditing recap,H  0޽h ? ̙33  X P  (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <f3 C 2001 Halvar Flake   c $j0   JThe strncpy()-pitfall (II)  0mp HC/C++ auditing recap,x  <q:   6sPP `,$D0 ? Source string  6w `,$D0 5\x0  6X{ ``,$D0 7 data<  <Q`,,$0 lAfter copying the source into a smaller buffer, the destination string is not properly terminated any more.mm  6܂PP  ,$D0 DDestination string  6 ` ,$D0 L data with a \x0 somewhereb  < ,$0 |Any subsequent operations which expect the string to be terminated will work on the data behind our original string as well.*}YH  0޽h ? ̙33 z  (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <3 C 2001 Halvar Flake   c $0   IThe strncat()-pitfall (I)  0Hp HC/C++ auditing recap,x  <ġ: 6  0@0  NAs with strncpy(), strncat() supports size checking, but guarantees the proper termination of the string after the last byte has been written. If the buffer that is targeted is the first one which was declared in the offending function, it is possible to overwrite the frame pointer and gaining control one function layer outwards.lO  N 2H  0޽h ? ̙33x  (  0) (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <p3 C 2001 Halvar Flake   c $x0   JThe strncat()-pitfall (II)  04p HC/C++ auditing recap,x  <:   6f ,$0 JBuffer to which we append  6|ō ,$D0 9 saved_EBP  X  0  0   6ɍf  9 saved_EIP  X  00  X  0  x  <čZF z  l @ %@,$D0`B # 0D)@p@ $ <э1`  |Lsaved_EBP s lowest byte is set to 0x00'' & 6֍0` ,$D0 WFunction epilogue: mov esp, ebp  H  0޽h ? ̙33  ] U @(  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <ߍ3 C 2001 Halvar Flake   c $0   KThe strncat()-pitfall (III)  0p HC/C++ auditing recap,x  <`:   6 ,$D0 9 saved_EBP  X  0  0   6f  9 saved_EIP  X  00  X  0  x  <ZF z    6` ,$D0 SFunction epilogue: pop ebp H  0޽h ? ̙33  B : P(  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <3 C 2001 Halvar Flake   c $0   JThe strncat()-pitfall (IV)  0dp HC/C++ auditing recap,x  <@ : X  0  0   6Pf  9 saved_EIP  X  00  X  0  x  < ZF z    6   NFunction epilogue: ret  6 @The value in EBP (the frame pointer) is now our modified value !0A H  0޽h ? ̙33    `J (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <\&3 C 2001 Halvar Flake   c $d*0   IThe strncat()-pitfall (V)  0 -p HC/C++ auditing recap,x  <1:   63f  0  BUser-supplied data  670   9 saved_EBP    6;f   9 saved_EIP  x  <(@ZF z    6A@` ,$D0  Next function epilogue: mov esp, ebp ESP slides upwards (as its lowest order byte was overwritten) into the user-supplied data. We can now supply a new return address to gain control$ l `    `  ,$D0`B B 0D)` 0 1   6LI   FESP should be here ...z `     ` @ ,$D0`B B 0D)` 0 1   6M   N.. but it lands lands here ...H  0޽h ? ̙33    p (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <hU3 C 2001 Halvar Flake   c $pY0   JThe strncat()-pitfall (VI)  0,\p HC/C++ auditing recap,x  <a:   0b@ bFurthermore, the fact that strncat() has to deal with dynamic values for the len parameter increases the danger of signedness misconceptions: strncpy(buff, userdata, sizeof(buff)); strncat(buff, userdata2, sizeof(buff)-strlen(buff)-1); T )?a&l      ,$D0   <llԔ   l.Fills buff so that strlen(buff) = sizeof(buff)"/`B   0DԔp  ZB   s *DԔp p Dl     ,$D0  <rԔ   Llen is pushed to  1 which is 0xFFFFFFF"'$ZB  s *DԔ  `B B 0DԔ  H  0޽h ? ̙33z *"!(  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <|3 C 2001 Halvar Flake   c $~0   ACast screwups (I)  0|p HC/C++ auditing recap,x  <:   <|0 s5void func(char *dnslabel) { char buffer[256]; char *indx = dnslabel; int count; count = *indx; buffer[0] = '\x00'; while (count != 0 && (count + strlen (buffer)) < sizeof (buffer) - 1) { strncat (buffer, indx, count); indx += count; count = *indx; } } "65B @ 0D)@ ,$D0l  ) ) ,$D0B B 0D) )p ),$D0  6<  V&First byte at *dnslabel is 0x80 = -128''l @I  @I ,$D0B B 0D)@I I ,$D0  6  JGets expanded to 0xFFFFF80l  0    0   ,$D0B B 0D) y  ,$D0  6L 0   Hsigned comparison passesl  `p ! `p,$D0B B 0D) ,$D0  6fP `p S#arbitrary length string is appended$$H  0޽h ? ̙33   w   (  x  C PA8D:\head-bw-background-3.jpgx  C PA8D:\head-bw-background-3.jpgAx  C PA8D:\head-bw-background-3.jpgpx  C PA8D:\head-bw-background-3.jpg  <`3 C 2001 Halvar Flake   c $h0   MFormat string vulnerabilities  0p HC/C++ auditing recap,x  <:   <xzF  Any call that passes user-supplied input directly to a *printf()-family function is dangerous. These calls can Also be identified by their argument deficiency. Consider this code: printf( %s , userdata); printf(userdata);66 v-z       ,$D0`B B 0D) ` `   6̼PPo   EArgument deficiencyH  0޽h ? ̙33)  (9L](  Lx L C PA8D:\head-bw-background-3.jpgx L C PA8D:\head-bw-background-3.jpgAx L C PA8D:\head-bw-background-3.jpgpx L C PA8D:\head-bw-background-3.jpg L <|W3 C 2001 Halvar Flake  L c $\0   HExploitation Details (I) L 0,Tp HC/C++ auditing recap,x  L <?: X L 0xP" Stack layout during regular printf()-call : printf( %lx -- %s -- %d , var1, buf, var2); (,/,/ L 6hf`   Darbitrary local data L 6` p   ( L 6f`   ( L 6` 0   ( L 6n` 0   ( L 6]ff`   (b8 p 0@ *Lp 0@ !L <ҫԔ 0@ >Return address`B "L 0DԔ0p 0 8 p `@ )Lp `@ #L <Ԕ `@ LPointer to the format string@ p  (Lp `B $L 0DԔ `B %L 0DԔ fB &L 6DԔp  8  @  /L @ ZB +L s *DfԔ ZB ,L s *DfԔ@ ZB -L s *DfԔ@ @ `B .L 0DfԔ 8     4L   ZB 0L s *DԔ   @ZB 1L s *DԔ  @ZB 2L s *DԔ @ @`B 3L 0DԔ@@@ 8    9L   ZB 5L s *DԔ  ZB 6L s *DԔ ZB 7L s *DԔ `B 8L 0DԔ  H L 0޽h ? ̙33 0";PP (  Px P C PA8D:\head-bw-background-3.jpgx P C PA8D:\head-bw-background-3.jpgAx P C PA8D:\head-bw-background-3.jpgpx P C PA8D:\head-bw-background-3.jpg P <.3 C 2001 Halvar Flake  P c $(c0   IExploitation Details (II) P 0@Op HC/C++ auditing recap,x  P <0Q:   P 0TP" ,Stack layout during malicious printf()-call : printf(stuff); // Stuff is set to contain //  %.200lx%n%.40lx%n (.G.G  P 6Xf p  P attacker-supplied malicious data!!  P 6L^ `  ( P 6&ff   (pF p 0@ P 0   P <4Ԕ 0@ >Return address`B P 0DԔ0p 0 F p `@ P 0 P P <D5Ԕ `@ LPointer to the format stringN p  P p ZB P s *DԔ ZB P s *DԔ `B P 0DԔp  XB )P 0D