Analysis Date2014-04-01 03:53:30
MD5c3e51c29de62834077563785e7474be3
SHA19019c9284b72010767aa8521331266b61af0134f

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionUPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
SectionUPX1 md5: a512a3f8c1e660ed400915b5ea9a3a68 sha1: da7b5bed5fa77eaf8bb9764bc1a51fe896a72551 size: 320512
Section.rsrc md5: 264ff8695a15e45f1e21d5572feeee6f sha1: 35bb9b33831cbcd4f58e043cdda4c6dff2f01cbf size: 67584
Timestamp2012-05-07 12:28:54
VersionLegalCopyright: Copyright 2011
FileVersion: 14,1,1,3
CompanyName: InstallBrain
PrivateBuild: 3010
LegalTrademarks: InstallBrain
ProductName: InstallBrain Installer
SpecialBuild: 14,1,1,3
ProductVersion: 14,1,1,3
FileDescription: InstallBrain Installer
PackerUPX -> www.upx.sourceforge.net
PEhashbdf343a7d198160177d93c5ee9c88caee5ebb6dd
IMPhashed130b127bbdd912c64b443ad6ca9b92
AVclamavWin.Trojan.Installbrain-1

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates Mutex{69C867F8-341A-44a8-B8F2-AF392F12143A}83510true
Winsock DNSstats.smartiengine.com

Network Details:

DNSstats-load-balancer-675944560.us-east-1.elb.amazonaws.com
Type: A
23.23.103.45
DNSstats.smartiengine.com
Type: A
HTTP GEThttp://stats.smartiengine.com/installer/bootstrap.php?cmp=8&sub=3510&rkey=%7B53706570-E5FC-45B8-BE17-289EE8AB6436%7D
User-Agent:
HTTP GEThttp://stats.smartiengine.com/installer/bootstrap.php?cmp=8&sub=3510&rkey=%7B53706570-E5FC-45B8-BE17-289EE8AB6436%7D
User-Agent:
HTTP GEThttp://stats.smartiengine.com/installer/bootstrap.php?cmp=8&sub=3510&rkey=%7B53706570-E5FC-45B8-BE17-289EE8AB6436%7D
User-Agent:
Flows TCP192.168.1.1:1032 ➝ 23.23.103.45:80
Flows TCP192.168.1.1:1034 ➝ 23.23.103.45:80
Flows TCP192.168.1.1:1036 ➝ 23.23.103.45:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e73 74616c6c 65722f62   GET /installer/b
0x00000010 (00016)   6f6f7473 74726170 2e706870 3f636d70   ootstrap.php?cmp
0x00000020 (00032)   3d382673 75623d33 35313026 726b6579   =8&sub=3510&rkey
0x00000030 (00048)   3d253742 35333730 36353730 2d453546   =%7B53706570-E5F
0x00000040 (00064)   432d3435 42382d42 4531372d 32383945   C-45B8-BE17-289E
0x00000050 (00080)   45384142 36343336 25374420 48545450   E8AB6436%7D HTTP
0x00000060 (00096)   2f312e31 0d0a696e 7374616e 63653a20   /1.1..instance: 
0x00000070 (00112)   36363639 33396339 32343362 34373565   666939c9243b475e
0x00000080 (00128)   39353034 35313732 34646232 32363730   950451724db22670
0x00000090 (00144)   0d0a7365 7373696f 6e3a2031 33393633   ..session: 13963
0x000000a0 (00160)   34333037 3536340d 0a6c6f63 616c653a   4307564..locale:
0x000000b0 (00176)   20656e2d 75730d0a 63616d70 6169676e    en-us..campaign
0x000000c0 (00192)   5f69643a 20380d0a 63616d70 6169676e   _id: 8..campaign
0x000000d0 (00208)   5f737562 69643a20 33353130 0d0a486f   _subid: 3510..Ho
0x000000e0 (00224)   73743a20 73746174 732e736d 61727469   st: stats.smarti
0x000000f0 (00240)   656e6769 6e652e63 6f6d0d0a 436f6e6e   engine.com..Conn
0x00000100 (00256)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000110 (00272)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696e73 74616c6c 65722f62   GET /installer/b
0x00000010 (00016)   6f6f7473 74726170 2e706870 3f636d70   ootstrap.php?cmp
0x00000020 (00032)   3d382673 75623d33 35313026 726b6579   =8&sub=3510&rkey
0x00000030 (00048)   3d253742 35333730 36353730 2d453546   =%7B53706570-E5F
0x00000040 (00064)   432d3435 42382d42 4531372d 32383945   C-45B8-BE17-289E
0x00000050 (00080)   45384142 36343336 25374420 48545450   E8AB6436%7D HTTP
0x00000060 (00096)   2f312e31 0d0a696e 7374616e 63653a20   /1.1..instance: 
0x00000070 (00112)   36363639 33396339 32343362 34373565   666939c9243b475e
0x00000080 (00128)   39353034 35313732 34646232 32363730   950451724db22670
0x00000090 (00144)   0d0a7365 7373696f 6e3a2031 33393633   ..session: 13963
0x000000a0 (00160)   34333037 3536340d 0a6c6f63 616c653a   4307564..locale:
0x000000b0 (00176)   20656e2d 75730d0a 63616d70 6169676e    en-us..campaign
0x000000c0 (00192)   5f69643a 20380d0a 63616d70 6169676e   _id: 8..campaign
0x000000d0 (00208)   5f737562 69643a20 33353130 0d0a486f   _subid: 3510..Ho
0x000000e0 (00224)   73743a20 73746174 732e736d 61727469   st: stats.smarti
0x000000f0 (00240)   656e6769 6e652e63 6f6d0d0a 436f6e6e   engine.com..Conn
0x00000100 (00256)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000110 (00272)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696e73 74616c6c 65722f62   GET /installer/b
0x00000010 (00016)   6f6f7473 74726170 2e706870 3f636d70   ootstrap.php?cmp
0x00000020 (00032)   3d382673 75623d33 35313026 726b6579   =8&sub=3510&rkey
0x00000030 (00048)   3d253742 35333730 36353730 2d453546   =%7B53706570-E5F
0x00000040 (00064)   432d3435 42382d42 4531372d 32383945   C-45B8-BE17-289E
0x00000050 (00080)   45384142 36343336 25374420 48545450   E8AB6436%7D HTTP
0x00000060 (00096)   2f312e31 0d0a696e 7374616e 63653a20   /1.1..instance: 
0x00000070 (00112)   36363639 33396339 32343362 34373565   666939c9243b475e
0x00000080 (00128)   39353034 35313732 34646232 32363730   950451724db22670
0x00000090 (00144)   0d0a7365 7373696f 6e3a2031 33393633   ..session: 13963
0x000000a0 (00160)   34333037 3536340d 0a6c6f63 616c653a   4307564..locale:
0x000000b0 (00176)   20656e2d 75730d0a 63616d70 6169676e    en-us..campaign
0x000000c0 (00192)   5f69643a 20380d0a 63616d70 6169676e   _id: 8..campaign
0x000000d0 (00208)   5f737562 69643a20 33353130 0d0a486f   _subid: 3510..Ho
0x000000e0 (00224)   73743a20 73746174 732e736d 61727469   st: stats.smarti
0x000000f0 (00240)   656e6769 6e652e63 6f6d0d0a 436f6e6e   engine.com..Conn
0x00000100 (00256)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000110 (00272)   76650d0a 0d0a                         ve....


Strings
=
..
w
R.
.A
...
...k..
_
.
x.j
..
.Rq.
.
.
sR
2
.
.>
.
B
.
=
..
w
R.
.A
...
...k..
_
.
x.j
..
.Rq.
.
.
sR
2
.
.>
.
B
.

040904e4
14,1,1,3
3010
CompanyName
Copyright 2011
FileDescription
FileVersion
InstallBrain
InstallBrain Installer
LegalCopyright
LegalTrademarks
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
      
<:;[0.11 
031204000000Z
05)3Fp
061116015437Z
070615000000Z
07969287
079692870
/-0_! $A 
0c_D6\
0?EK*x
0Gubg[
0h@S5<
0http://crl.verisign.com/ThawteTimestampingCA.crl0
0PSVCjpz\
)0sn6q
,]0:&T8
^0u)4c
0,uXp8;
0*/uy.
&0WRc'
0ynBr4
110713133826Z
120507122917Z0#
120614235959Z0\1
120625182046Z0f1
131203235959Z0S1
1"6$10
@1A	jb%~
1C3O&*
1DW4zdmr
1^hUJ>d
((+1=LI
1O:=lu
$/]1qDX
@1sq>`i
1TquY 
<1W$'XS
>/1?@Zp
,#_-2:$
261116015437Z0
2E85[@
2+]eEW
>*<2<F}2s-
2J9!G-!
(*2jJo
`2ojBf
2*OR*zZ
2t&+68qI
30'9^S9
3<.})1
3H%{B7`~t
\3;Of]
3Q%BkG5`n
3<uDom
3*X"hE
4`}9WK
4J8]`x
4	o(%xJ:(
\4P{pUp
4Ry"{a
4;s)@tv
+.4u9.<
4]VNy,%
4W}:$j
4z5v<v
: 4zhH
5.55cB
#5<`b]
5e&[GQ
5http://certificates.godaddy.com/repository/gdroot.crl0K
5IGGSJGG
]5jSyJdx
5)Nz)#
5'[paXp
5rS~3T
@*_,6+
!63-j6
.6\6si	 
6^bMRQ4q
.6$CaN2T
]6",[h
:6XG7Y
74WxMCyq
,7Eg>p
7	(kqe
7K.RP\
7m@zdA^I.-
?7!Op1
7:rJM09
7sjn{u`
8)4Cbf
8_aIaKA
8BD$hZ
8bI@hO1
`8dB2(
~,8DTj
8h7Wmx 0
8jNbtR
8p6#	l
8SX\ZO
\@)8`&Z
<97kdr
97q&.obSx
/^9J1E
9)L@Tl
9l$\w_
9{MU.Udhc
9&t<GM
9/`'wb&
$]9?@x
9*[Xdn
,9YFkL
9?Y*HNW3
~.~a#'
a\0JY`AP
a:1Mp/
A-6|bI(
a6k85Y*
A8|7"]n
>a)Dhh%
ADVAPI32.dll
 A"/{En
AFt+$"
aJHH-JHHoJHH
    </application>
    <application>
aQzq.H
Arizona1
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
a*U;%B0
b5BR\XY*H%a
BBQJ`S<
Bbt{ ?$
'BCA%`L
^'b#dxTZ
	Beaverton1
bF]|.4b
BitBlt
BLdu4Gf
BLf?wK
b`[}\ljB
bOluqHJ
-bpeG@
/b|q!v1
,br{?xtH
bTSXn.
b(v8rVOhG}
BZ^Ii^
C3>5d|
C6Q9hy
cCmkfnd
=CD8n{o
cG;f<-.
c[Hukz:
cjOVt2
c>_*Oe
COEh6i
CoInitialize
CoInternetSetFeatureEnabled
COMCTL32.dll
  </compatibility></assembly>PAD
_)CPzy
CQYfC-
Cr83fQy
CreateEnvironmentBlock
c#RXW}w~
C$@s~/
 CtM:8:y324k%#'K 
 cWh\t
C|w=qA
czh,/xP
,D	?,#^|
!];[ D.
D0H!#%
$"D!1<
-d\1z.
&Da,J2
dbghelp.dll
<defines><CAMPAIGN_ID><![CDATA[8]]></CAMPAIGN_ID><CAMPAIGN_SUBID><![CDATA[3510]]></CAMPAIGN_SUBID><HARDCODE_DEFINES><![CDATA["cid:275" "clickid:0007422320852785877" "Country:TR" "bandoo:0" "babylon:0" "findamo:12" "pricegong:0"]]></HARDCODE_DEFINES></defines>
<defines><XML_URL><![CDATA[http://stats.smartiengine.com/installer/bootstrap.php]]></XML_URL><SERVICE_URL><![CDATA[http://stats.smartiengine.com/service/bootstrap.php]]></SERVICE_URL><STATISTICS_URL><![CDATA[http://stats.smartiengine.com/service/stats.php]]></STATISTICS_URL><SELFUPDATE_URL><![CDATA[http://stats.smartiengine.com/service/updater.php]]></SELFUPDATE_URL><CRASHREPORT_URL><![CDATA[http://stats.smartiengine.com/crash-report/ibsubmit.php]]></CRASHREPORT_URL><WELLCOME_TEXT><![CDATA[Preparing, please wait...]]></WELLCOME_TEXT><CAMPAIGN_ID><![CDATA[6]]></CAMPAIGN_ID><CAMPAIGN_SUBID><![CDATA[3413]]></CAMPAIGN_SUBID><HARDCODE_DEFINES><![CDATA[]]></HARDCODE_DEFINES><CRYPTER><![CDATA[false]]></CRYPTER><SERVICE_NAME><![CDATA[IBUpdaterService]]></SERVICE_NAME><SERVICE_EXE_NAME><![CDATA[ibsvc.exe]]></SERVICE_EXE_NAME><SERVICE_DISPLAY_NAME><![CDATA[Updater Service]]></SERVICE_DISPLAY_NAME><TRAY_APP_NAME><![CDATA[Software Updater]]></TRAY_APP_NAME><DELETE_ON_CANCEL><![CDATA[false]]></DELETE_ON_CANCEL></defines>
DelP$E
dEOOov
,dF?V/#
Dge|k;
.)D$H)
D}=ivv
dnD-	A{
*"/D p
dpiudq
	D _R]
*'dRbF
D$t+D$\
D$t#D$h
DtV<wV
Durbanville1
'``	-^E
!e0BA/
|#e4=hEY:
%e4q(L
eA|3b!Ey
e -{Hgz
)E,'=HM
e!iN!E
`E}jz 
e/k'oa
E\L2F8
EOlLVv
^	EOn,$
ep-NUI
*+E@pu4
eQnfN!
EtpJWH
eUH[s>u
ExitProcess
E*zB"_^
F& #(#
|Fb(~B
fcT!Zhw
f@^da!
FGYk95
f\{h\6\
fhi$9i
f#jS<<
-F~Mu 
f!O%1Rq
f}?)p*
F%?QGS/
fQitZ^q
}&+G0&S
G27sIP
G6`:p]Y
G7!8(SIt
G7g)[N
g8d&VZ
G}`avT"
/,.\gD
GDI32.dll
G?|E11}*
gEHc:7
GetProcAddress
gFAM4WmA
GGz<TE
G	hcdh
GJ{<^g
gJgffq
G:lY>M
gMDJeam
(Go Daddy Class 2 Certification Authority0
GoDaddy.com, Inc.1301
'Go Daddy Secure Certification Authority1
gqR_7!
g&&RG~e{
guKb	x
"GU;pJr
''g/VX
gXpc=cR
!h0q_y
h@:1Sb
\h>B!n
h%e}(3H
h*E7C{S
H~EIou
h:g67AR@
\hJnuI
hM_:mg
hMr]8yM
>hNkEq
H>p^fdjB
^h_,pL
Hp'X(r#
;`hqR3
H*QT$X
hR\6$E>
;hrI?_$[
*http://certificates.godaddy.com/repository0
*http://certificates.godaddy.com/repository100.
>http://certificates.godaddy.com/repository/gd_intermediate.crt0
"http://crl.godaddy.com/gds2-17.crl0M
"http://crl.verisign.com/tss-ca.crl0
http://ocsp.godaddy.com0F
http://ocsp.godaddy.com/0J
http://ocsp.verisign.com0
%https://certs.godaddy.com/repository/0
H]{+*)W
hwxR&-
h[xkArRGYQ
!HzT\Vx	;
I3UF8U
 i8	e'v
I$< b,
ic[soQ
?IDO"~tM
{I!DZ3
iE3jk9
I~gc@~
IGG5JHH_JHHgIGG%
IGGcIGG
IGGCJGG
IGGcJHH7JHH
IGGgIGG
IGGGJGG
IGGGJGGsJHH
IGGgJHH
IGG]IGG3JHH
IGG=IGGgJHH
IGG-JHHgIGG
IGGkIGG
IGGUIHH
IGGYIHH
IHHCIHHmIGG
IHHGJHHsIGG
IHH=IHHgJHH
IHH=JHH
IHH%JHH
IHHMJHH
IHHoJHHEJHH
IHHQJHH
IHHuIHH
IHHwJHH
IJ(]4:
IJA f-
InitCommonControlsEx
]ipH|o`i:
i=p*iVh
iRkcI!aY
I}:sp)
{Iv$c-
i w)(:
IzQ_Ja
.j10&!
JcEG.k
jC,US1k
# Jf}u4
JGGcJHH/JHH
JGGCJHHoIGG
JGGEJHH
JGGIJHH
JGG-JGG
JGG=JHH
JGG'JHH
JGG	JHH/JGG[JHH
JGG'JHHoIHH
JGGMJHH
JGGqIGG
JGGYJHH
JGGYJHH/JHH	
}J"h8/C
JHH= ~
JHH1JHH
JHH1JHH[JHH
JHH5IGGiIGG
JHH5JHH
JHH5JHHaJHH
JHH7JHHaJHH
JHH9IGGeJHH
JHH9IHH
JHH9JHH
JHH9JHH1JHH
JHHA }
JHHaIHH
JHHaJHH
JHHAJHH
JHHaJHH7JHH
JHHcIGG
JHHcJHH
JHHCJHH
JHHEIHH
JHHeJGG
JHHeJHH
JHHEJHHqJHH
JHHgJHH
JHH%IGG
JHH_IHH
JHH-IHH
JHH)IHHUJHH
JHHIIGG
?JHHIIGG
JHHiIHH?JHH
JHHiJHH
JHHIJHH
JHHiJHH=JGG
JHHiJHH=JHH
JHHIJHHsJHH
JHHIJHHuJHH
_JHH)JGG
JHH}JGG
JHH+JGG
JHH{JGGQJHH%JHH
JHH'JGGSJHH}JHH
'JHH}JHH
JHH=JHH
JHH_JHH
JHH-JHH
JHH?JHH
JHH/JHH
JHH'JHH
JHH)JHH
JHH[JHH
JHH]JHH
JHH]JHH	
JHH#JHH
JHH	JHH
JHH]JHH1JHH
JHH	JHH1JHH[JHH
JHH?JHHiIGG
JHH	JHH/JHH[JHH
JHH!JHHMIGGwIHH
JHH#JHHMJHHuJHHyJHHCJHH
JHH#JHHOIGGyJHH
JHH{JHHOJHH#IHH
JHH#JHHOJHH{JHH
JHH{JHHQIGG%JHH
JHH%JHHQJHH{JHH
JHH}JHHSJHH%
JHH+JHHUJGG
JHH)JHHUJHH
JHH{JHHwJHH
JHH/JHHYJHH
JHHkIGG
JHHKJHH
JHHkJHHAJHH
JHHkJHHkJHH
JHHKJHHwJHH
JHHM ~
JHHmJHH
JHHmJHHCJHH
JHHoJHH
JHHoJHH	
JHHOJHH
JHHoJHHCJHH
JHHOJHH{JHH
JHHqJHH
JHHqJHH'
JHHQJHH
JHHqJHHEJGG
JHHqJHHGJHH
JHHsIGGGJHH
JHHsIHH
JHHSIHH
JHHsJHH
JHHSJHH
JHHsJHHIJHH
JHHSJHHKIHH!JHH
JHHuJHH
JHHuJHHIJHH
JHHUJHH)JHH
JHHUJHH+JHH	
JHHuJHHKJHH
JHHuJHHMJHH#IHH
JHHwIHHKIHH!IHH
JHHwIHHMJHH!
JHHwJHH
JHHWJHH-JHH
JHHWJHH+JHH
JHHyJHH
JHHYJHH
JHHYJHHyJHHQJHH'JHH
JK(9:8t
&jlf~z
~J "^m
j~oCJ#
~jpiD`l~Xd
jVta_e
-J.W1=o
J+*$#wAd
J=wwdY
#?&%)K 
	K#2xB
K4z=	;
K7HP&{
KERNEL32.DLL
 K"feM
K>/JCn&
}/KnbC-I
'[KNO1
KPO!|$
kQ5QaJ
KU=q0Tb
 KV/L@T
Kw*1	%5
.kYHw'u
!!l0tm
l9Eq83\^b
L9/j"G
Laq,	ea
l%(::b
-l@|bf
lC:4[\
LcEjYB
LF,,@IS
L gK+C
l~(Io/XO
lL~Jvh$
>L})M6
lN1\]t
LoadLibraryA
L%ofTsY
Lr~??[
l]Sl)FI6(
@?"	lT
=]lVn~m
:$L	vsjL
Lw+0>7X\]
'LWus\
&l{:^xR
Lz8'Y\7
<>_'M{
M1Fuu0S
M1N`mI
)m7cS5
|ME2x.
,=m)%FhO&
]?mH4G=2
+MHCQO]
MiniDumpWriteDump
;>MrOW
msi.dll
mttE!o
M	Y4Jp
MYa9WY
|N]d<^
nDrK#`
Ne!}>;
Nf}7_- 
n);FG6
$nF	K\]
:nInWv
n[JK1]A#X
nKcF)c
\nKkj9R
Np%eJq}P
nPK|~f
nQ$c-V6
nU]O[!1
nv5Da	|
#|n%vna:
nvOW2?
",=O	`
o%4N5B
o =fI 
ole32.dll
OLEAUT32.dll
OnL^ 5W
oqYL,V
osnrcZ
(ou9XX_
Ov3~i*
!oVi]#
o`VUK(
o(wUa77
oyfXh;?c
.p,_]0
P1vw@!
"p2y^ p
{PbZ.	
,pEdF2
Pemn~kmy,
Performersoft LLC0
Performersoft LLC1
-p@$f1ybz
P['/f"CHI
Pf.]_s
p"}>KI
P#LU7"R
PMw,6]
'P|pl>
pQG5d!-)
p^SIeQ
]P|+u	@
PU}2,UK
PUXvRQ
pV`(*C
PwfS.%
q1J4v9
<:<q324E! $' 
~q^4rf
q8jW-V('
q'	^\\A
QA GJF
Q!;#g]
qLz/su
Qo!/5Bc
/qo-t)n
QPJTw\O
QRMIt9
q@rq683t4G
Q@<t?$
qu%bi ^
Q<vceK(Fdq
Qw@2$~D1
?qwq)T
q!@w}T6j
 QXlg0:^
(|/!;R
R3Sgwb
,R 8	`
rbezC7
RD|<`Kx
r[:[dw
r=e9<	
RegCloseKey
+_rE+O#E
rFc&"+
rGYUZ0z.
r>IWgJcL
&?]RL]Di
.r:!na
R?$Nn19
<}r^o_
r\("P+
RPCRT4.dll
Rqp"Q:
RW|\Hj
]r^YbT
RzZPg*V
s2y	+s
s4')~r
S$6n#Es
!s6W_<
S8r89T
S9GgKPSr
SBHo=u
Scottsdale1
sCV'	vx,'
s:FPe)
s=&g^"5
S+GZBg5U
SHELL32.dll
SHGetValueW
SHLWAPI.dll
?ShP23
sI"p?Y
s`)L$4
S!L*l@
S.!Of[zl
\|SPvV
S$rmxz
S(tCN(
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
\SV1s!
sV\/Gl
SX	0f?
,sY3"Ql
S/!yb$
sZ3nGH
!]?{T~!
:T/9`]
TBERZ80
)#T-c'
]#T{dC
tD__^S
[t{e|!
TeUyeK
)T f'Lvs
	.tGMR
tG%'Q$a
t:G_~'y9nA
Thawte1
Thawte Certification1
Thawte Timestamping CA0
The Go Daddy Group, Inc.110/
!This program cannot be run in DOS mode.
t+M=\u
tQ~F%}[.
tq?Nvy
TSA1-20
TSA2048-1-530
t$t#t$l
Tw=)nY:
T[y)*#|
u5%VNQ
U& ^~8E
U,\A<9!
ubObW8
 [uC{^7>hK
!u	:cm
@*Udq'!
.Uf''-^]3*~
u]G0bF
"\:u.H
?;UH	[+
U-ib^$q
UIn-%^}
UJHHoJHHCJHH
uKRJ[l1
u##Pt6:
UQ>s<y
Ur,iTq
urlmon.dll
USER32.dll
USERENV.dll
uS+l=4
utVBY}
UuidCreate
Uu~wd!
uvHf']/
U_v"Ot
}:;v/`
V2;R8ll
v7/f27
=^"/V(8-h,
V_8M*"8
=Vc%6?
VeriSign, Inc.1+0)
VeriSign, Inc.1402
"VeriSign Time Stamping Services CA
"VeriSign Time Stamping Services CA0
+VeriSign Time Stamping Services Signer - G20
VerQueryValueW
VERSION.dll
vFC9A\
VirtualAlloc
VirtualFree
VirtualProtect
VK(?u?o
VMv[3GAS2ti
Vn[>Dj&E+r+b)
VNR1ahb
v`o?pD
VTH%Qo
V	U|JX
V*w+Ou
VXm*	o^
V:$Y@\
W0qN8#
w103u 
w)!)'2*
,w^c9%
#WD9N_i
Western Cape1
WINHTTP.dll
WinHttpOpen
W$=:KK
/|}W/l`
w)Ozjd
Wpn;2X
=Wq}u5
WSDTyKd8
\_w`/T5
WTSAPI32.dll
WTSQueryUserToken
=!w!TzFjv
;W>v}Mc1
Wv:?|O
ww<'2N
/Ww5z(
w-!x)K{nZHq
|WXO7"
w`|(y=
^@X0Phh
x6gRgQ
xa)|9!
~	xb-\
xCR6"c
X$dZ(q
.x#G{q
^x<H;Ou
X"K*@M
\|.	|.X[M
Xnh$]C	
x\ni_2
xpRzS:
XPTPSW
.|x~Q\H
X';Q"N
}XSU%p~
xVp:qh
"XVzkI
x-&zEA&
y	=/,.
y1n,R[
Y2KvMY
y.6@ h
]Y9>rHH
 yAXL#
y	dx?c
yehOe,
yK+Xzz 
Y\Ml{F
)yn"]A4
Y>^$?+,P
.y'pI]+'
ySNW~Cd%
{yU2yc
}/YUq^
YXb<o	
yY73[P
z10STT+^
Z3'Cnh
Z9Nbc[
#ZAIldE
]zA@X%
ZbNJ[e
Z[ct!S
\}z{[d
@(.ZD2
[~Z[g:
ZHdDY 
Z\Jlq}
[zK{Et$kLw~
,Zk\Gz
'zl7@IC
zlTwBWxZ?_
Z;mJH]e
(Zp<wO
ZQ4!y!
=zqZS/
zr7\vHV
Z%R_`q
ZuG:~&[
zwgQ`{