| Analysis Date | 2015-03-18 09:26:09 |
|---|---|
| MD5 | 83e30c9d27ce740ce886319e2ec84270 |
| SHA1 | dede5a7797bf938f55d6ffd87e1e5d8d01de50d0 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: db4183ff76a8a811a0e603f81c24e5bd sha1: 38efd5988925380e9177a3308e164992cadbaa73 size: 26624 | |
| Section | .rdata md5: 06efc7d78d20d624c7ac95b1453864a2 sha1: 90df7362285f9ae9b1f085a13c46d16f14521bd8 size: 125440 | |
| Section | .data md5: 5adcd1fca9cad56628bc686556daa4f3 sha1: d840292e2896713623b82613e6bbea38a10911c0 size: 3584 | |
| Section | .rsrc md5: fc348d0703351121984115a0cd532fc1 sha1: 5a8def8f585ca9aa39c0fa58f2529f4cc3eaef90 size: 49152 | |
| Timestamp | 2014-01-14 16:44:10 | |
| Packer | Microsoft Visual C++ ?.? | |
| PEhash | efed65102d81f1571129af26207634accfb4f10e | |
| IMPhash | f01eae9a37db806e6de36e108a9ab772 | |
| AV | 360 Safe | no_virus |
| AV | Ad-Aware | Trojan.GenericKD.1683891 |
| AV | Alwil (avast) | Malware-gen:Win32:Malware-gen |
| AV | Arcabit (arcavir) | Trojan.GenericKD.1683891 |
| AV | Authentium | no_virus |
| AV | Avira (antivir) | TR/Rogue.205824.3 |
| AV | BullGuard | Trojan.GenericKD.1683891 |
| AV | CA (E-Trust Ino) | no_virus |
| AV | CAT (quickheal) | Backdoor.Zegost.r4 |
| AV | ClamAV | no_virus |
| AV | Dr. Web | Trojan.DownLoader11.9527 |
| AV | Emsisoft | Trojan.GenericKD.1683891 |
| AV | Eset (nod32) | Win32/Korplug.BX |
| AV | Fortinet | W32/Zegost.YTG!tr.bdr |
| AV | Frisk (f-prot) | no_virus |
| AV | F-Secure | Trojan.GenericKD.1683891 |
| AV | Grisoft (avg) | Citem.EZY |
| AV | Ikarus | Win32.SuspectCrc |
| AV | K7 | Trojan ( 00497b401 ) |
| AV | Kaspersky 2015 | Trojan.Win32.Generic |
| AV | MalwareBytes | no_virus |
| AV | Mcafee | no_virus |
| AV | Microsoft Security Essentials | Backdoor:Win32/Plugx.L |
| AV | MicroWorld (escan) | Trojan.GenericKD.1683891 |
| AV | Rising | no_virus |
| AV | Sophos | no_virus |
| AV | Symantec | Trojan.Gen |
| AV | Trend Micro | no_virus |
| AV | VirusBlokAda (vba32) | no_virus |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\Documents and Settings\All Users\DRM\XXX\XXX.exe |
|---|---|
| Creates Mutex | Global\cvtbguacc |
| Creates Service | XXX - C:\Documents and Settings\All Users\DRM\XXX\XXX.exe |
Process
↳ C:\Documents and Settings\All Users\DRM\XXX\XXX.exe
| Creates Process | C:\WINDOWS\system32\svchost.exe |
|---|
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ C:\WINDOWS\system32\svchost.exe
| Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL |
|---|---|
| Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1 |
| Creates File | C:\Documents and Settings\All Users\DRM\XXX\nprqyjadoqkp |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
| Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
| Creates File | PIPE\lsarpc |
| Creates File | pipe\winlogonrpc |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
| Creates Process | C:\WINDOWS\System32\msiexec.exe |
| Creates Mutex | Global\eklrhgdvaqrfzgugv |
| Creates Mutex | Global\ommdvtuqnjwvdfajh |
| Creates Mutex | Global\ykbvd |
| Creates Mutex | Global\cvtbguacc |
| Creates Mutex | Global\ssmuagced |
| Creates Mutex | Global\wucme |
| Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
| Creates Mutex | Global\mschu |
| Creates Mutex | Global\ehiwunegkkhcp |
| Creates Mutex | Global\wubwfnsnwejrv |
| Creates Mutex | Global\kglwtnsgqecwvvtgv |
| Creates Mutex | Global\khuzkeoaogodbtwzx |
| Creates Mutex | Global\imdsh |
| Creates Mutex | c:!documents and settings!administrator!cookies! |
| Creates Mutex | Global\000000010000000000000100 |
| Creates Mutex | Global\uimnyxkbx |
| Creates Mutex | Global\ypsoayzmexnwqzmrx |
| Creates Mutex | Global\kgnoquaatodjhkrgq |
| Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
| Creates Mutex | Global\khutgmgyc |
| Creates Mutex | MMMM |
| Creates Mutex | Global\aelyqgtun |
| Creates Mutex | Global\mwmjwuuwpuvcczsph |
| Creates Mutex | Global\oibsb |
| Winsock DNS | 127.0.0.1 |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ C:\WINDOWS\System32\svchost.exe
| Creates File | C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf |
|---|
Process
↳ C:\WINDOWS\system32\spoolsv.exe
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝ NULL |
|---|
Process
↳ C:\WINDOWS\System32\alg.exe
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ C:\WINDOWS\System32\msiexec.exe
Network Details:
| Flows UDP | 192.168.1.1:53 ➝ 192.168.1.1:53 |
|---|---|
| Flows UDP | 192.168.1.1:53 ➝ 192.168.1.1:53 |
Raw Pcap
Strings
.CC
5k.
.D.b.!W
...
...Q].
...N...L1.....
.
%
8...
.L
..f!
S
About
Copyright (C) 2014
exe Version 1.0
&File
H
((((( H
h&About ...
&Help
h(((( H
iE&xit
@jjj
jjjh
System
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0SSSSS
0WWWWW
1.DKhQ
4~f9.u
5J^=J^
63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:
!9.Lh`b
9w9!q9
A!~2!B
A2yNU%#!
A5DAZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AD" )U
AFB_eC
AJ>#]A
AjTQbUdiE
An application has made an attempt to load the C runtime library incorrectly.
A%OUPCia
APhhfe
ASfefg
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
!aU%L0
AU* U'.
a_V!"k!
aVSTPSAob
AYL!q,xJ
aZTUfn
baObhfS
BBFFf;
BeginPaint
beWq"2#
!bTjd!d.QZ
b Z>dh "
ChB1La
c;MLoq
CorExitProcess
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
CreateWindowExW
- CRT not initialized
C"S6"B
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
DefWindowProcW
DeleteCriticalSection
DestroyWindow
!`D!$F
D? gJk
D$(hl^B
DialogBoxParamW
DispatchMessageW
DJEE%M
DOMAIN error
dQSAejPO
eL^yAN
Ema[`_
EncodePointer
EndDialog
EndPaint
ENMm%1a
EnterCriticalSection
eOTbQj
ExitProcess
%EzAp=:
@@f98u
F:A4AD
fdUjPO
February
`_Fg%2Ag
fgbVamU
Fh=HuB
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
fmfUf$@
fnPS!`
fn!PUf
fnPWfD
fR1bNV
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
fRV!lS
fS"c}Odf
!fSgPSA
fSmbQQfe
fSnajObUf
fSTlB8
fTlUmPQ
fTPVSdCF
fTUSPZ
!fUSjd
GetACP
GetActiveWindow
GetCommandLineA
GetCommandLineW
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExA
g=:Ge+
GNa_`c
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
hfUiPT
HH:mm:ss
I3')+*+)))*))()*+++,6J!54 CBA
%i%a!NF
ijT!QS
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
Iux6Ef
J]%%
J^1J^AAJ^M
j8j ^V
JanFebMarAprMayJunJulAugSepOctNovDec
January
J?Ao1a
jbmj[fE
jcSbSZ
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
J!fJGRA
j h `B
JHHGGGGGGGGHI
_%J?!J?
JJIIIIJIIIIJJ
jOhamf
J#QJFU
jSfadUPSZ
jSUVb m
jTdPOOD
jTh8_B
jUjbma
JV5JVMJ
JVIJVEJ
JV}JVu
JVuJV}J
JVyJVuJV
}J^yJ^q
jYPQTVTSkllZTTXRTUiHceWda/
!.k%!.
$%k)AL
kernel32.dll
KERNEL32.dll
KERNEL32.DLL
k@Qa!G
k uiqf
L6$G))
L\_8L
LB(%AL
LCMapStringA
LCMapStringW
LeaveCriticalSection
lfZcee
LoadAcceleratorsW
LoadCursorW
LoadIconW
LoadLibraryA
LoadSC() = %d
LoadStringW
&!Lrjs
LyF|AU
LyF|UE
LyNa03
mATUSdnQj
MessageBoxA
mf bOemf
Microsoft Visual C++ Runtime Library
.mixcrt
ml"Fa/e
MM/dd/yy
mmPdbU
Monday
mPTf bO
mscoree.dll
mTUSdQ
MultiByteToWideChar
n4QL`h6
nAPVTf`fWA
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
nQADPO
nTWdSU
Nw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
O(@>=77A779?<8;$O'
O9UfSA
October
O%JEEEEEEEEEFFB
OOPU!cf!
OUfQSOfU
OUY UOD
OVnfS`A*EjC
OWjSPO!nfOU
PecdRB
PhSbn!db
Please contact the application's support team for more information.
PnnbOe
PostQuitMessage
POWfSU
PPPPPPPP
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
Program:
<program name unknown>
- pure virtual function call
pwwwwwwww
pwwwwwwwwwwwwwwwp
pxDDDDDDDDD@
pxDDDDDDDDDDDDDDpx
pxDDDDDDDDDH
pxDDDDDDpx
pxwwwwwwpxDDD
pxwwwwwwwwwwwwwxpx
qfbWf?
qNVy!J
!"qONX
}>qooggggggg1`_fhsnHK
QQSVWh
q,rgFs
QueryPerformanceCounter
`.rdata
RegisterClassExW
RtlUnwind
runtime error
Runtime Error!
s#ar@j
Saturday
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
SfbU#f
ShowWindow
SING error
SjcVUfT
SjUjQdbm
SjWBA]hf
SPOnfO
SPUfdD
Sunday
SunMonTueWedThuFriSat
SVO!jO!
t^9(uZ
TAifmm
tD9(u@
TerminateProcess
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
thp`1f
Thursday
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TPdlfQU
TranslateAcceleratorW
TranslateMessage
Tuesday
;t$,v-
t+WWVPV
Ub5UV1
UbSUVQat
UcZO!YA
UfOefe
U&k!N
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UpdateWindow
UQPXY]Y[
URPQQh
USER32.dll
USER32.DLL
U# U
U% U" U
U]%!Vd%
V5JV1JVI
v$;5l{B
V#B]%
VfSZ2#
Vggf/S
VirtualAlloc
VirtualFree
V=JV1JV9
V}JVyJVq)
Vmf bOem
v N+D$
VSSf1OU
VuJVqJV
Wednesday
WideCharToMultiByte
WkV21TSav^8{
WriteFile
wsprintfA
Wto=H{B
wwwwwwwpx
wwwwwwwwwwwwwwwpx
XTQSjO
XTQSjOUg
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Y;=8uB
>=Yt/j
{|yvrrwsqpon
YYu-9D$
YYuTVWh
}zy|yx~