Who Wrote Sobig?

Copyright 2003-2004 Authors Page 1 of 48

Who Wrote Sobig?

Version 1.0: 19-August-2003.
Version 1.1: 25-August-2003.
Version 1.2: 19-November-2003.
Version 1.3: 17-July-2004. This sanitized variation for public release.
Scheduled for release: 1-November-2004.

This document is Copyright 2003-2004 by the authors.

The PGP key included within this document identifies the authors.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 2 of 48

Table of Contents
Table of Contents................................................................................................................................................... 2
1 About This Document..................................................................................................................................... 3
2 Overview........................................................................................................................................................ 5
3 Spam and Virus Release History..................................................................................................................... 6
3.1 Identifying Tools .................................................................................................................................... 6
3.2 Identifying Individuals and Specific Groups ............................................................................................ 6
3.3 Identifying Open Proxies and Usage........................................................................................................ 8
3.4 Conjecture: Send-Safe and Sobig ............................................................................................................ 8
4 ISC Malware Scans and Public Announcements............................................................................................ 10
4.1 Public Announcements.......................................................................................................................... 10
5 So, Who Wrote Sobig? ................................................................................................................................. 13
5.1 Advanced Knowledge of Sobig ............................................................................................................. 13
5.1.1 About Ruslan Ibragimov................................................................................................................ 13
5.1.2 About Send-Safe ........................................................................................................................... 14
5.2 Skill to Develop Sobig .......................................................................................................................... 14
5.2.1 Skill: Microsoft Visual C++........................................................................................................... 14
5.2.2 Skill: Self-Compressed Executables............................................................................................... 14
5.2.3 Skill: Email and Spam ................................................................................................................... 14
5.2.4 Skill: Proxies................................................................................................................................. 15
5.2.5 Skill: Newsgroups ......................................................................................................................... 15
5.3 Access to Sobig Source Code ................................................................................................................ 15
5.3.1 Similar: Header Ordering............................................................................................................... 15
5.3.2 Similar: Coding Conventions......................................................................................................... 16
5.3.3 Similar: Opcode Sequences ........................................................................................................... 17
5.4 Motive to Write Sobig........................................................................................................................... 19
6 Conclusion ................................................................................................................................................... 20
7 Appendix A.................................................................................................................................................. 21
Who Wrote Sobig? Copyright 2003-2004 Authors Page 3 of 48

1 About This Document

August 18, 2003 was a day of infamy in the world of computer software malware. The Sobig virus, as it was
affectionately named by its the anti-virus industry, infected hundreds of thousands of computers within just a few
short hours. W32.Sobig.F@mm was a mass-mailing, network-aware worm that sent itself to all the email addresses
it could find, worldwide.

Within two days after Sobig was released, an estimated $50 million in damages were reported in the US alone.
China had reported over 30% of email traffic had been infected by Sobig, equivalent to over 20 million users! After
interrupting freight operations and grounding Air Canada, Sobig went on to cripple computing operations within
even the most advanced technology companies, such as Lockheed Martin. Sobig was so virulent that on November
5, 2003 Microsoft, in coordination with the FBI, Secret Service, and Interpol, setup the Anti-Virus Reward Program.
Backed by $5 million from Microsoft, the program offered a $250,000 bounty for information leading to the arrest
and conviction of the Sobig author.1

As the one year anniversary of the Anti-Virus Reward Program bounty for Sobig approaches, we felt this was an
appropriate time to publicly release the current state of our Sobig forensic investigation. Appropriately, the authors
of this document have chosen to release it anonymously for many reasons, some of which are:
• By releasing the information publicly, we hope to increase tips to law enforcement concerning the Sobig
authorship and spur efforts toward apprehension of the malware author(s);
• This document shows how computer forensics can identify virus authors. The computer forensic methods
demonstrated throughout this document have been utilized to successfully identify authors of other viruses
as well;
• Our focus is the objective analysis of Sobig. It is our contention, position, and belief that associating this
paper with any specific company, organization, group, or individual will only serve to detract from the
investigation.

The following public PGP key is provided for document validation, with the private key component safely locked
away as to eliminate any future chance of a lost key pair. Any individual or entity that claims authorship should be
able to validate their ‘authorship’ by signing a message with the corresponding PGP private key.
• The included PGP public key prevents unscrupulous people from claiming ownership of this document or
attempting to collect the Microsoft bounty;
• As this document is present on multiple mirrored sites and has been turned over to law enforcement,
anyone modifying the PGP public key will be unable to pass a fake key for potential bounty award;
• This PGP public key will only be included is this document. Other documents, where malcontents attempt
to place our ownership on other findings, should be considered forgeries unless they include a message
signed with the PGP private key.

In the event that any individual or entity may be able to identify the authors of this document, we urge you to respect
our request for anonymity.

1
Ironically, our investigation into the identification of the likely Sobig author(s) and corresponding findings had
already been concluded and passed on to law enforcement over two months prior to the Microsoft bounty offer. The
bounty was not our incentive.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 4 of 48

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGP

mQGiBEF5UyURBACZ9jsrBaowh4npI0ac84RVD9fzzR9oW9x4TkfPNlddzzR4uhko
CsKUK9IfeEz7C6a6pMKbwB83xjBedhjRE5zMfqns4kSY33XJirGzRHWXWbD7n1zn
WFfq84VBCezDmUy6cy4+zipQDyPYs+u8YfCMUfS2XCHXwD8lqg5jvIzsiwCglpkp
z4+x1qvUrVNIkJlxeYzbDOsD/3Y/DHvNmNa8LGKTyF7KFgD5TTBSnPW5tpzdXkcp
+UVg09A6qHagx90LGOA6l0P8oOJYPGaCvuQV7Br2zqqAw5PUouwxFPJTsWrmU25N
lQ83jf8WaJTvU46/TXg8H+ctKeCLa4R6h4+dDkRjxSeKMuGbK8yZAVOv+VkANRci
sFumA/sHb/+ovnRRp0rQ6xSz0HDOzJNNCF3ghZ4M+h13o7Ll4FCYVjr2pWeoeWKH
80KZ8QWXfHMv4UmKekJ/ghI0AbUN/2ZLSqMTcQqZjqZdGivHPNG1rSk0qPupyQi+
+Cp7UM49r8kfC7eMmwqzd3VIix1+HC+nlxmkk6E/rYXaDKvzOLQ4QXV0aG9ycyAo
QXV0aG9ycyBvZiAiV2hvIFdyb3RlIFNvYmlnPyIpIDxhdXRob3JzQGRvbWFpbj6I
XwQTEQIAHwUCQXlTJQUJA8JnAAQLBwMCAxUCAwMWAgECHgECF4AACgkQ68sDbPEA
3GOKQwCcC2Lg98QoRbDhwvm4y2KK0i6gTYsAoIcFHzo1owPyi3uObA80V+wnr11O
uQINBEF5U2MQCACH2+h+bY7cMe6ti87JRkx50Ian0B4g8m3ugvNN0qXd2YNdFOuD
igrMi/SOLLb8tuGGOTEVkkNwtkejnP0Nc8tppxbJkEvG+MKxbOScSUEHswNAjTG0
qdMTT3HsGQZbgoxEE5RzW5ZqMizUTRvLAWB98LCZWeyfzkX14iflJw9m3RtsAFc0
TSV/WLsPH+o+ula8hkdc7klEEDRguLMkcOSttgwa4UbDota81pZ1poEbYRDGUFMT
VMTrkFNV4mCRsUPsDkOn9spdlBAkC6U/h8kcfWdNT7V8V6mdW7kV4WmJ24xGro7d
RxHMiGVVYTMesaW8chz2xO5rG+nwS4yyX723AAMFB/9EMSUKaucuBmFnKwxGHMAb
D01m8AAIE4chZF4fhhF9d8lnSMqyxwm/X9uSvUGD/3hF2QwvMzQVTFiy5ChYsIwz
TuK2WyQMbgWkmvlUn2RNUP68Il+6ewWyupTZdbSHSxiurWyyAqX9gBLkmX4ndOeG
e2LPwBZ+GWLK8KFGGZTyanLkLfZ3DUwj9eMXaW5EYhoEQ/lIcp7m3kJ5k3WlVALA
MMU5WJRbpY+7Q8Nn+zS0d59p2HALIEUvXxlueHpoxvhYPKo4j3xzB5/8CE3RdP8y
UeNpLSVieR7CDFSYuGvHwsKi+zi0ihHFyjosj9CEJ1rsKAEIlu6P3LdpYKcGEFDM
iEwEGBECAAwFAkF5U2MFCQPCZwAACgkQ68sDbPEA3GMMAACeJoVCaAIw6NZA78CH
MQpkb1m8nDUAn2UT+n7BsfFUPK3hvtfCCvf9ywP5
=7hlJ
-----END PGP PUBLIC KEY BLOCK-----
Who Wrote Sobig? Copyright 2003-2004 Authors Page 5 of 48

2 Overview
Sobig was a virus specifically designed to aid the anonymity of spammers. Sobig opened up services that enabled
spammers to relay their emails anonymously. Although publicly the motivation and author of the Sobig virus is
unknown, through the use of forensics and profiling, we have identified a very likely suspect and motive.

Our research indicates that Ruslan Ibragimov of Moscow, Russia, and/or Ibragimov’s development team, authored
the Sobig virus. Ibragimov himself is the author of Send-Safe, a bulk mailing tool product that was explicitly
designed for sending unsolicited email (spam).

Our investigation will demonstrate:

• Advanced knowledge: Ibragimov has demonstrated an advanced knowledge of Sobig outbreaks.

o The releases of Send-Safe coincide with Sobig releases;
o New features in Send-Safe coincide with Sobig features;
o A specific spam group that use Send-Safe was observed relaying through Sobig-infected
systems as much as two weeks before the official outbreak.
This same group has been observed using specific versions of Send-Safe prior to
public release (using pre-released software);
The time that the group was observed using Sobig (prior to public announcement)
corresponds with the Internet Storm Center recording an increase in port scans for
Sobig-infected systems.

• Necessary skills: Based on the attributes and overall functionality of Sobig, the developer would require
the following skills:
o Knowledge of Microsoft Visual C++;
o Self-compressing executables;
o Email and spam;
o Proxies.
Ibragimov has demonstrated these skills and knowledge: Send-Safe is a spam tool designed to send email
using proxies, written in Microsoft Visual C++, and self-compressed.

• Source code access: Sobig and Send-Safe share a common source code base.
o Unique source code creates unique opcodes within the executable code.
Both the Sobig and Send-Safe software share large sections of common opcode
sequences, implying the same source code;
The common source code is used to both generate and send email;
o The email headers are unique to Send-Safe;
o Sobig includes code for an email header that it does not use.
This unused code appears in the same order as the Send-Safe executable – and the
code is used in Send-Safe;
o Ibragimov has not publicly released the source code to Send-Safe (or any of his other
programs, to our knowledge).
Send-Safe predates Sobig by a few years, indicating Ibragimov had access to the
original code base used to develop Sobig;
o Ibragimov has demonstrated a pattern of reusing source code.
Large blocks of opcodes found in Send-Safe appear in other programs created by
Ibragimov.

• Plausible motive: As Send-Safe provides a list of open proxies to subscribers, there is a clear financial
motive for Ibragimov to have created the Sobig worm.
o As Sobig opens additional ports, this provides more open proxies for Send-Safe subscribers.

Based on these items that have been identified, we contend that Ruslan Ibragimov, or Ibragimov’s development
team, authored Sobig in order to support and extend the Send-Safe customer base.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 6 of 48

3 Spam and Virus Release History

Sobig appears designed specifically to assist spammers with anonymity. Sobig opened new network services that
enabled spammers to relay their emails. So the first part of this investigation will begin to take a look at the spam
groups.

To effectively send anonymous spam, there are three items required:

1. A bulk mailing tool;
2. An individual or group to operate the tool;
3. A set of anonymous proxies for relaying the message(s).

3.1 Identifying Tools

The generation of email spam to a potential list containing millions of email addresses must be done quickly and
efficiently. To accomplish this within a reasonable timeframe, an automated bulk-mailing tool is typically used.
Bulk-mailing tools can usually be identified by the unique attributes and residues that are placed within the
generated email’s header. These particular header fields, their ordering and value patterns within the email are
generally consistent for any bulk-mailing tool, but differ between each email. Identification of email by a particular
spam tool can be accomplished by simply grouping the spam messages based on their attributes. Within the scope of
this document and investigation, the bulk-mailing tool is named Send-Safe (www.send-safe.com). Depending on the
specific version of Send-Safe, each has a slightly different header format (Fig.1).

Fig. 1 Sample Send-Safe headers. Different revisions have minor header differences.
Send-Safe 2.0 Send-Safe 2.14
Reply-To: <fgtwy@aol.com>
Message-ID: Message-ID:
<022a36a14e7c$7882b4e6$5be88aa1@ueoqrf> <1d5c002d720c$8de7722e$9213aa50@wfksiy.iud>
From: <fgtwy@aol.com> From: <yankee-eril@yahoo.com>
To: select To: <user1@domain>
Subject: Home Based Business Cc: <user2@domain>,
Date: Wed, 22 May 0102 23:13:14 -0600 Subject: You'll be HUGE! In just 2 weeks!
MiME-Version: 1.0 Date: Fri, 06 Jun 2003 05:15:57 +0100
Content-Type: multipart/mixed; MIME-Version: 1.0
boundary="---- Content-Type: multipart/alternative;
=_NextPart_000_00A2_87B13A0B.B6003A33" boundary="----
X-Priority: 3 (Normal) =_NextPart_9D8_B8E1_9212F5FC.091B2CAD"
X-MSMail-Priority: Normal X-Priority: 3
X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MSMail-Priority: Normal
Importance: Normal X-Mailer: ardeli79352a789

Send-Safe is the only known bulk-mailing tool that generates these email headers in this specific order and with
these value ranges. Even though there are over 14 revisions of the Send-Safe software, most of the versions 2.0 thru
2.14 have very similar layouts. Subtle differences shown in the above examples include the spelling of “MiME-
Version” versus “MIME-Version”, the correction of a Y2K defect (0102 should have been 2002), an addition of a
period in the Message-ID hostname, and the dropping of the uncommon “(Normal)” comment in the X-Priority
field.

3.2 Identifying Individuals and Specific Groups

Although the publicly available Send-Safe software is a common bulk-mailing tool, not all Send-Safe users employ
the software the same way. Based on specific user-configurable functions, Send-Safe users can usually be identified2
by the unique macros employed, their values, sending habits, contents and the basic functionality selected. Users of
a specific feature set are considered to be in the same ‘spam gang’.

Known Send-Safe ‘spam gangs’ include the DHS Club, “Mr. Yahoo”, and the Send-Safe Spam Group (SSSG).

2
Identifying an individual does not necessarily imply knowing their name. It usually implies that all emails with
identical traits are likely from the same unknown person.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 7 of 48

The DHS Club can be easily recognized by their content, as they appear to operate a pyramid scheme out of
Florida.3 “Mr. Yahoo” is an individual that always uses a forged sender address to offer porn, while claiming to be
from “yahoo.com”, and uses a Message-ID that always ends in a capital letter sequence (Fig. 2).

Fig. 2 Send-Safe header from Mr. Yahoo

Message-ID: <674701c38b6f$27fdba53$3e2fcf90@BCD>
From: "gabriela 21939" <bigcfmjmfhnkl@yahoo.com>
To: "jessa" <user@domain>
Subject: leemav Find Your Dream Fuckhole With Drastically Simple Criteria Searches!
Date: Sun, 5 Oct 2003 18:33:12 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_54F9_01C38B90.0174D88E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-UID: 605

SSSG stands out from the fray as a unique spam group or ‘gang’. The SSSG operating method includes:
• Rotating software. Most spam groups do not change their software until it becomes ineffective.
Conversely, SSSG appears to rotate their software regularly. Since everyone in the group does not rotate
their software at the same time, a graph of their software revisions over time appears as multiple,
overlapping bell curves (Fig. 3).
• Rotating sending methods. The majority of spam groups stick with specific sending methods, such as the
use of open web or socks proxies. SSSG stands out because they rotate their sending methods. Initially,
they were observed sending directly without any proxies, but then moved to open proxies; initially ones
that they operated, and then later to open proxies provided by Sobig.
• Pre-release software. SSSG has been observed using new releases of Send-Safe software prior to the
actual public release of the software. In many cases, SSSG appears to have used previously un-released
versions of Send-Safe, which appear to correspond with jumps in the public release Send-Safe software
revisions.

3
Source: “The Distributed Home Spamming DHS Club”, <http://www.theclubbuiltonspam.com/>, 22-October-
2003.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 8 of 48

Fig. 3 Software revisions from SSSG rotate over time. Every color indicates a different software revision.

3.3 Identifying Open Proxies and Usage

Open proxies are the third item that an anonymous spam group requires. Open proxies allow a sender to relay
messages while keeping their true IP address anonymous. If the sending system’s IP address happens to be tracked
to the spam, the tracker will find a system with an open proxy server, masking the true sender’s IP address. Multiple
proxies are used for three main reasons:
1. Heavy use of a single proxy may be noticed and cause the proxy to be disabled;
2. Some proxies place a limit on the number of times an individual may relay through it;
3. The bandwidth of the proxy server is unknown, so by relaying through many proxies, the spam sender can
increase their throughput.

Send-Safe provides four methods for sending spam:

1. Use your own. The user can provide a list of proxies, leaving it up to the user to acquire the list;
2. Send-Safe proxy scanner. Send-Safe provides a proxy scanner for use with the Send-Safe bulk-mailing
tool;
o As of scanner version 1.5, the unregistered scanner will send all discovered proxies to Send-Safe
for use with the registered bulk-mailing tool; if you find a proxy using the unregistered proxy
scanner, then other Send-Safe users also gets to use the proxy.
3. Send-Safe proxy list. Send-Safe can provide a list of proxies at an additional cost;
4. Send direct. If no proxies are available, the Send-Safe bulk-mailing tool can send email directly. The user
may also select an option to send directly.

3.4 Conjecture: Send-Safe and Sobig

The Send-Safe software appears to have direct links to the Sobig virus.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 9 of 48

Multiple releases of Send-Safe software correlate with releases of Sobig, both in chronological order and
functionality (Fig. 4). Each revision of the Sobig virus had opened a set of network services that can be used to relay
spam email; Sobig was likely created to open proxy servers for use by spam senders.4

Fig. 4 Correlations between Send-Safe and Sobig releases.

Software Release Date Notes
Send-Safe 2.0 09/2002 Send-Safe 2.0 introduced encrypted proxy lists. This happened after a newsgroup
acquired the proxy and address list (35Meg file), and made it public.
Send-Safe 2.1 11/20/2003 2.1 introduced SSL to the server, along with encrypted proxy data. The same newsgroup
called it “trivial” to decode, decoded it in under a week, and posted the information.
Sobig-A 1/09/2003 No expiration. Executable packaged with tElock. Believed to be a proof-of-concept test.5
Opens proxies on ports 555, 608, and 1180-1185.
Send-Safe 2.09 3/19/2003 Compiled on March 18, 2003. (Possible prior releases between 2.1 and 2.09, but we did
not track until March.) Change in registration: Minor registration charge for using your
own proxies. Major registration charge if Send-Safe provides proxies.
Send-Safe 2.13 5/18/2003 Compiled on May 18, 2003. Supports more proxy types. (HTTP, HTTPS, Socks, etc.)
Sobig-B 5/18/2003 Compiled on May 16, 2003. Deactivates May 31, 2003.
Executable packaged with UPX. Believe to be the first non-proof-of-concept release.
Release correlates with Send-Safe 2.13 release. Provides many types of proxies, most
(all?) are supported by Send-Safe 2.13, but not supported by Send-Safe 2.09.
Send-Safe 2.14 5/30/2003 Compiled on May 30, 2003. New registration system. All proxies found by Send-Safe
proxy scanner are now sent to a central Send-Safe server for all users. More complex
encryption system for transferring the proxy list.
Sobig-C 5/31/2003 Compiled on May 30, 2003. Deactivates June 8, 2003. Executable packaged with UPX.
More complex encryption system. Release correlates with Send-Safe 2.14 release.
Sobig-D 6/18/2003 Deactivates July 2, 2003. Believed to be a premature release or a test due to limited
spread and overlapping expiration date with Sobig-E. Sobig-D used the same ports as the
previous Sobig releases.
SSSG 6/18/2003 SSSG observed relaying through a system with ports 2280-2285 open.
Sobig-E 6/25/2003 Compiled on June 24, 2003. Deactivates July 14, 2003. Executable packaged with
tElock. Proxy ports changed to 1555, 2001, and 2280-2285.
Send-Safe 2.14 6/28/2003 Web page updated. Re-release of the same code; no code change.
SSSG 7/1/2003 SSSG is observed using a new, unreleased version of Send-Safe. This version is believed
to be a pre-release of Send-Safe 2.16, possibly 2.15.
SSSG 8/9/2003 SSSG observed relaying through a system with ports 3380-3385 open. The open services
match Sobig-F.
Sobig-F 8/18/2003 Compiled August 17, 2003, public announcements 2 days later. Deactivates September
10, 2003. Executable packaged with tElock. Includes encrypted command structure and
remote control. The proxy ports changed to 2555, 3001, and 3380-3385.
SSSG 9/30/2003 SSSG is observed using a new, unreleased version of Send-Safe. This version is later
determined to be the final release of Send-Safe 2.16, before the public release.
Proxy Scanner 1.6 9/30/2003 New Send-Safe Proxy Scanner released. Coincides with a sudden end of SSSG traffic.
Send-Safe 2.16 10/6/2003 The official release of Send-Safe 2.16. Coincides with a sudden restart of SSSG traffic.
Send-Safe 2.17a 10/17/2003 Compiled on October 17, 2003. The web page still indicates version 2.16.
HPH 1.0 11/11/2003 The first release of Send-Safe’s “Honeypot Hunter”.
Send-Safe 2.17b 11/18/2003 The web page was updated to “2.17 beta” but the web page’s date still says October 6,
2003.

4
Source: “Sobig.a and the spam you receive today.” by Joe Stewart, Lurhq. <http://www.lurhq.com/sobig.html>.
5
Source: “Evolution of the Worm.” by Joe Stewart, Lurhq. <http://www.lurhq.com/sobig-e.html>.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 10 of 48

4 ISC Malware Scans and Public Announcements

At present, it is inconclusive whether the developers of Send-Safe actually created the virus or simply sponsored the
creation. It is equally ambiguous whether SSSG sponsored the creation of Sobig, requested additional proxies, or
just utilized what was originally provided to them. What we do know is that SSSG and Send-Safe were observed to
be using Sobig-infected systems before the actual public announcement.

4.1 Public Announcements

An email was received from SSSG on June 18, 2003. This email was received from IP address “200.75.209.87”,
located in Cable Onda, Panama (City), Panama (Country). A scan of that particular host revealed the following:
2285/tcp = SMTP server
2284/tcp = POP3 server
2283/tcp = WinGate FTP server
2281/tcp = telnet server of some kind. Prompt says “MNGTR>”
2001/tcp = unknown server.

Why so many open systems services were running was inexplicable at the time. It simply appeared that more than
likely the system had been compromised. Between the 18th and 25th of June 2003, additional email messages
originating from SSSG were observed coming from other systems with the identical open ports.

Concurrently, the previously mentioned Send-Safe groups DHS and “Mr. Yahoo” were explicitly relaying through
both open socks servers and HTTP proxies – systems that did not have the same open ports as the hosts used by the
SSSG. Additionally, there were no other non-Send-Safe spam groups observed originating from this particular type
of compromised host system.

The Sobig-E virus was officially identified and publicly announced on June 25th, 2003. Sobig-E opens the identical
services and ports used by the SSSG. Simultaneously, the Internet Storm Center had begun reporting an increase in
scans for port 2280 just prior to the Sobig-E public announcement. This increase in port 2280 scans directly
corresponded with the SSSG’s employment of infected systems.

An email received from SSSG on August 9th, 2003 displayed a similar Sobig-F pattern. Using the ‘nmap’ and
‘nessus’ utilities to scan the host system, we identified a telnet service with an “MNGTR>” prompt and many open
services on ports 3380-3385. Additionally, on August 16th, 2003, the Internet Storm Center began noticing an
increase in port 3380 scans. The Sobig-F malware that opens these particular ports and this particular “MNGTR>”
service was not publicly announced until August 19th, 2003 (Fig. 5).
Who Wrote Sobig? Copyright 2003-2004 Authors Page 11 of 48

Fig. 5 The Internet Storm Center had recorded an increase in port 3380 scans a few days prior to the August
19, 2003 public announcement of the Sobig-F malware.

Soon after the Sobig-E and Sobig-F viruses had been publicly announced, other spam groups began to relay through
open proxies via Sobig-infested systems. There was only a time span of a few days to a few weeks between the
public announcement and the observed port use by other parasitic spam gangs. Of the identified Send-Safe spam
gangs, only a few had not modified their scanning to include the Sobig proxy ports.

Although the Sobig releases appear to have direct links to the SSSG, Sobig was not the only malware being
employed by the SSSG prior to the Sobig public announcements. SSSG had been observed relaying via systems
with an open web proxy on other ports, specifically 5490/tcp as early as June 9th, 2003 (Fig. 6). This directly
coincides with an increase in 5490 port scans and actually predates the use of other spam groups relaying through
systems on this specific open port. However, the actual service that was responsible remains unidentified. It is also
unclear if SSSG had actually discovered the proxy on their own, if Send-Safe had discovered it and notified SSSG,
or if some other custom malware was directly responsible.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 12 of 48

Fig. 6 The Internet Storm Center reported an increase in scans for port 5490 during a time when SSSG was
observed using systems with port 5490 open.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 13 of 48

5 So, Who Wrote Sobig?

Since a public confession has not been made as to the original Sobig malware author(s), we have identified four
particularly unique attributes that must be known in an attempt to identify the author(s).
1. Advanced knowledge of the virus;
2. Skill to develop it;
3. Access to the source code;
4. Motive to write the malware.

5.1 Advanced Knowledge of Sobig

During our investigation it became apparent that some individuals appeared to have advanced knowledge of the
Sobig release. Typically anyone with advanced knowledge would either be in direct/indirect contact with the
malware author(s), or have the unique potential to be the actual malware author(s). Even though anyone with a
malware software toolkit could have created Sobig, virus writers for the most part rarely retain the information
within themselves, at least for a long time.

This investigation documents three very substantial correlations indicating potential knowledge of the actual
malware author:
1. SSSG had been using Sobig prior to the public announcement. This indicates insider knowledge between
SSSG and the Sobig virus. This also implies a direct/indirect relationship between the Sobig virus author(s)
and SSSG;
2. SSSG had been using Send-Safe versions prior to public release. This implies special treatment and a
possible direct relationship: SSSG knows the Send-Safe team, and the Send-Safe team knows SSSG;
3. The Send-Safe bulk-mailing tool software releases directly coincide with the Sobig releases. This also
implies a close relationship between the Send-Safe software and the Sobig malware author(s).

However, it is unclear if the Sobig author(s) is an actual member of the Send-Safe development team, a part of the
SSSG or an independent. Due to the apparent relationship between SSSG, Send-Safe and Sobig, it is very plausible
that any of these participants could lead to the Sobig author(s).

As SSSG appears to be a sizable organization, it would seem unlikely that any individual within the group would
actually know the Sobig author(s). It is also unlikely that a specific individual from within SSSG can be easily
identified due to their use of Send-Safe.

Contrastingly, a Send-Safe developer is known who operates the Send-Safe product line (application, bulk-mailer,
proxy scanner): Ruslan Ibragimov. Although it is unknown if Ibragimov is the sole developer, or if his team co-
authored Sobig, it seems highly plausible that Ibragimov may actually know the Sobig author(s).

5.1.1 About Ruslan Ibragimov

Ruslan Ibragimov is a known software developer who has created a variety of tools:
• Log Analyzer6 for the IMail server (imla.exe), written in Delphi;
• IcqVampire7, a tool for harvesting email addresses from the ICQ white pages;
• Send-Safe, a bulk-mailing tool, compiled using C++.

Through public forum communications, we have determined Ibragimov to possess the following technical skills:
• Programming languages: Delphi, Microsoft Visual C++, Pascal;
• Databases: SQL, Oracle, Sybase;
• Applications: SMTP, Proxy clients, ICQ, and Windows GUI development.

6
http://www.ipswitch.com/support/IMail/helperapps.html
7
http://www.happywebonline.it/archivio/10-2002/speart.htm
Who Wrote Sobig? Copyright 2003-2004 Authors Page 14 of 48

Ibragimov’s address on record is 12 Krasnokazarmennaya, 111250, Moscow, Russia. Previous known email
addresses (no longer active) include <rusoil@mail.ru>8, <ruslan@rusoil.net>9, and <ruslan@albea.rb.ru>10. As the
latter two email addresses are from universities, it is probable that Ibragimov may have attended Ufa State Aviation
Technical University around 1998, and the Ufa State Petroleum Technical University sometime in 2000 and 2001.

5.1.2 About Send-Safe

Although an individual may have authored Send-Safe, it is a fairly large and complex application that requires
detailed knowledge of networking, multi-threaded programming, SSL, cryptography and more. Although Ruslan
Ibragimov demonstrates skill and knowledge in these areas, there is no definable identifier that he is the sole
developer. In our review of the Send-Safe executable code, there are numerous traits that suggest multiple
developers, which indicates Ibragimov may actually manage a team of developers.

5.2 Skill to Develop Sobig

Developing the Sobig malware would require a thorough knowledge of Microsoft Visual C++, self-compressed
executables, email and spam, and proxies. Since Sobig is believed to have been released by posting the virus directly
to newsgroups, knowledge of newsgroup (NNTP) would also be required. Unlike the Send-Safe executable, Sobig is
very small in size, was created with special care to hide the author’s identity, and could have easily been developed
by a single individual.

Unless otherwise specific, the following versions of Sobig and Send-Safe that are listed below refer to Sobig-F and
Send-Safe 2.16.

5.2.1 Skill: Microsoft Visual C++

The Sobig virus was compiled using Microsoft Visual C++, which is the same type of compiler used to compile
Send-Safe. Although it is unclear if the exact same Microsoft Visual C++ compiler was used, Send-Safe appears to
also have been compiled using Microsoft Visual C++ and Borland C++.

5.2.2 Skill: Self-Compressed Executables

The phase-1 Sobig malware executable was “packed”, i.e. a self-compressed executable. The Sobig-A, Sobig-E, and
Sobig-F were packed using tElock by tHE EGOiSTE/TMG; while Sobig-B and Sobig-C were packed using UPX.
Both tElock and UPX packing tools include compression and encryption and very commonly used among virus
writers. These tools are freely available and require very little skill to use.

Similar to tElock and UPX, the Send-Safe executable was compressed using ASPack by Alexey Solodovnikov. ,
Even though the packing software itself is different, this demonstrates that the Send-Safe developers have an
awareness of self-compressed and encoded executables.

5.2.3 Skill: Email and Spam

Well designed email messages are one method used by Sobig to self-propagate and use spam-techniques to hide the
origination system. Two techniques that Sobig employs when propagating by email are “direct delivery” and
“bounced delivery”. Direct delivery is when the email is sent directly to the recipient. In this approach, the header
information is forged, including the originating hostname and “From:” email address. Key items from the Sobig
email header are:
• The header order:
o From, To, Subject, Date, Importance, X-Mailer, X-MSMail-Priority, X-Priority, MIME-Version,
and Content-Type;
• A “Message-ID” header is not present;
• The “Date” contains a programming error.

8
Source: WHOIS domain registry information for the domain “send-safe.com”.
9
Source: newsgroup postings circa 2000-2001.
10
Source: newsgroup postings circa 1998.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 15 of 48

o If the random time zone is negative, then it is displayed with two negative signs. For example,
“Date: Fri, 4 Jul 2003 0:08:45 --0700”;
• The “X-Mailer” value is “Microsoft Outlook Express 6.00.2600.0000”.

The bounced delivery propagation technique is when email is sent to a non-existing email address, and a mail
daemon returns the undelivered email back to the sender. By forging a recipient’s email address within the “From”
address, the mail daemon then completes the delivery by including the malware in the “undeliverable” email reply.

Authoring Sobig would require knowledge of email generation, delivery, and spam-techniques for obscuring the
originating host. Ruslan Ibragimov has demonstrated these skills with the Send-Safe bulk-mailing tool.

5.2.4 Skill: Proxies

To remain anonymous, a spam senders must relay through an open proxy. Many malware applications create their
own proxy servers for spam to relay. For example, W32.Mimail.gen@mm worm11 contains code for opening a
proxy server. In contrast, Sobig contains no code for opening proxy servers; Sobig retrieves the proxy tool
“WinGate” and installs it on the infected system.

As the skill necessary for installing WinGate is minimal, it is likely that the Sobig author(s) has limited or no
experience at developing proxy servers. Ruslan Ibragimov has not been observed demonstrating a proficiency in
proxy server development.

5.2.5 Skill: Newsgroups

It is widely believed that the outbreak of each Sobig virus began when infected files were placed within newsgroup
forums (NNTP). As newsgroups are extremely common and easy to post messages to, it is likely that the virus
author is familiar with newsgroups and is not someone new to NNTP. Although there may be many individuals and
groups that fit this particular profile, it cannot be used to rule-out Ruslan Ibragimov; Ibragimov has been posting to
newsgroups since at least 1998.

5.3 Access to Sobig Source Code

There are many similarities between the Sobig and Send-Safe executables, including the generated email header
formats, programmer coding conventions, and identical opcode sequences.

5.3.1 Similar: Header Ordering

Different spam tools will generate different email headers. The email header that was generated by Sobig is very
similar to the header generated by Send-Safe.

Send-Safe 2.14 email header Sobig-F email header

Message-ID: <036a55d03c4c$8127a7d8$6bc21ae1@hhutma>
From: <alastairbaileymf787@flash.net> From: <info@nofear.ch>
To: <user@domain> To: <user@domain>
Subject: **You're ~Approved~* Subject: Thank you!
Date: Wed, 26 Mar 2003 13:21:50 -0000 Date: Tue, 26 Aug 2003 14:29:47 --0400
MIME-Version: 1.0 X-MailScanner: Found to be clean
Content-Type: multipart/mixed; Importance: Normal
boundary="----=_NextPart_000_00B0_40A21C5D.D8133A18" X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Priority: 3 (Normal) X-MSMail-Priority: Normal
X-MSMail-Priority: Normal X-Priority: 3 (Normal)
X-Mailer: QUALCOMM Windows Eudora Version 5.1 MIME-Version: 1.0
Importance: Normal Content-Type: multipart/mixed;
boundary="_NextPart_000_0661EBB9"

Both Sobig and Send-Safe email headers contain the same four generic-email “required” header fields; From, To,
Subject, and Date at the beginning and in the same order. But, Sobig does not contain a Message-ID field.

11
Source: http://hq.mcafeeasap.com/dispVirus.asp?virus_k=100796
Who Wrote Sobig? Copyright 2003-2004 Authors Page 16 of 48

Following the required headers are the “optional” headers for generic email traffic. Even though these fields are
considered optional, they are always present in email generated by both Send-Safe and Sobig. The optional headers
are listed in the exact opposite order (Importance, X-Mailer, X-MSMail-Priority, and X-Priority). The value of these
options vary with different Send-Safe versions, but the values used in Sobig-F match the values from Send-Safe
2.14.

Lastly, the MIME-Version and Content-Type headers are listed in the exact same order, including the same
indentions.

Although these subtle differences suggest separate source code, the similarities suggest that Send-Safe was the
template, and not other mailing programs such as Outlook, Netscape, The Bat!, or AMS.

As these other independent email tools generate their headers with very different ordering, it would seem unlikely
that the Sobig author(s) determined the email headers and values independently.

5.3.2 Similar: Coding Conventions

The Sobig malware has a significant number of coding conventions that are very similar to Send-Safe:

• String concatenations. The Sobig virus uses static email header values, i.e. the string “X-Mailer: Microsoft
Outlook Express 6.00.2600.0000”
does not vary. Although the string is static, the code that generates it
concatenates two independent strings: “X-Mailer: ” and “Microsoft Outlook Express 6.00.2600.0000”. The
concatenation suggests that the developer reused code with a static value (“Microsoft...”) rather than simply
encoding the entire static string.

The majority of bulk mailing tools concatenate the field and value pairs like Sobig. Send-Safe uses a
concatenation function to combine the header information with the dynamic value strings. This suggests
that Sobig used existing code for generating an email header, and then modified it to concatenate static
strings rather than simply hard-coding the static header values.

• Use of “%s”. When concatenating strings, there are many different approaches that can be used, i.e. a C++
programmer can use “.” or “+” for concatenation, or the old-style C notation “%s”. There are also string
concatenation functions such as ‘strcat()’.
o When generating the email header, both Send-Safe and Sobig do not use “%s” to concatenate
strings. But, when establishing a connection to an email server (SMTP connection), both Send-
Safe and Sobig use “%s”. The strings used by Send-Safe and Sobig are identical. For example,
“RCPT TO: <%s>\r\n\0” (hex: “52 43 50 54 20 54 4F 3A 20 3C 25 73 3E 0D 0A 00”).
The use of multiple concatenation approaches, with identical approaches for identical functionality is a
significant correlation.

• Unused strings. The Sobig executable contains the string “Message-ID”, even though the virus never
generates a Message-ID in email that it sends. This particular unused string also suggests reuse of code.

• String ordering. In compiled executables, strings are generally listed in the order that they appear within
the source code and are not necessarily listed in the order that they are used.12 The string ordering in Sobig
is similar to the ordering in Send-Safe. For example:

12
Executables are created in a two-step process. First, the source code is compiled into an object file. Second, all
the object files are linked into a single executable. All of the strings in the source code are grouped in the object file.
The order of the strings in the object file match the order they were found in the source code (from top of file to
bottom). The linker groups all strings from the object files in the same area of the executable. The order of the
strings matches the object file linking order. Large groups of strings may be in a different order depending on the
linking, but the local cluster of strings will not change as the executable is created.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 17 of 48

Sobig-F strings Send-Safe 2.16 strings

_NextPart_001_%8.8X ----=_NextPart_FFF_FFFF_FFFFFFFF.FFFFFFFF
This is a multipart message in MIME format Message-ID:
%s: %s Microsoft Outlook
Message-ID Reply-To: {%From%}
MIME-Version From: {%From%}
{%To%}
Subject: {%Subj%}
MIME-Version: 1.0

Since Send-Safe is a much more complex program than Sobig, Send-Safe has many more strings to indicate
the additional options. However, the overall ordering, with the unused “Message-ID” string following the
“_NextPart” string and preceding the “MIME-Version”, indicates a semi-unique function ordering (unique
order of strings in the source code) between the two code bases.

Even though both programs generate email and are expected to use these strings, neither program lists these
strings in usage order. (For usage ordering, the Message-ID would be listed first, followed by From, To,
Subject, etc., and ending with MIME-Version, Content-Type, and _NextPart boundary. The usage order
should match the email header ordering.) This particular unique string ordering suggests source code with
functions that use these strings being listed in the same order. The matching string order indicates a similar
(or same) code base. It seems very possible that Send-Safe and Sobig used the same basic code base, while
the Sobig author(s) simply removed unnecessary functionality from the source code.

The following unlikely coincidences suggest a common-code base or the same author(s) between Sobig and the
Send-Safe code base:
1. Use of general string concatenations when creating the email header, but “%s” when communicating to an
SMTP server;
2. Similar string ordering;
3. Sobig’s unused string (“Message-ID”) listed in the same string order (between “_NextPart...” and “MIME-
Version”) as Send-Safe.

There are no similarities to other email programs when comparing the Sobig and Send-Safe string ordering.
The string order comparison was done against the Atomic Mail Sender (AMS) version 2.26, The Bat! version 1.62,
Microsoft’s Outlook Express for Windows 2000 and Outlook 200013, elm version 2.5 PL6, mutt version 1.2.5.1i,
and pine version 4.44. Therefore, these other email programs are very unlikely to share any code base with Sobig or
Send-Safe.

5.3.3 Similar: Opcode Sequences

When creating executable software, source code is written and then compiled into object code. Object code is then
linked into operation code (opcode) sequences. High-level programming languages such as Visual C++, provide
many different ways to create the same functionality. Different implementations for programming the same
functionality will result in different opcode sequences. Knowing this, there are only a few conditions that can
generate identical opcode sequences:
1. The compiler may optimize small sections of simple functionality (such as a loop to initialize a variable).
The optimization may result in identical opcode sequences from different coding implementations. The
identical opcode sequences are unlikely to be larger than 64 bytes;
2. The compiler may have generic templates for common functionality, which is usually the case for the start
of any executable program, calls to common library functions, and padding between linked objects;
3. Programs that include library functions (“statically linked libraries”) will contain the same opcode
sequences due to the inclusion of identical code.

13
Based on string order comparisons, only Microsoft’s Outlook and Outlook Express are similar. These programs
very likely share a common code base.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 18 of 48

During this investigation, we compared Sobig-F with the Atomic Mail Sender (AMS) version 2.26, Sobig-E, Send-
Safe 2.17a installer, and Send-Safe 2.17a installed executable14. The comparisons were done using a full-sequence
comparison system (similar to the Unix program ‘diff’, but it compares all sections of code with all other sections –
see Appendix A for the detailed comparison).

Here were some of our findings:

• Comparing Sobig with AMS. AMS and Sobig contain common high-level functionality, as both programs
generate and send email. Although there are many ways to create this functionality in source code, it is
extremely unlikely that two people working independently would generate similar opcode sequences for
this type of functionality. From the results of our comparisons, the first 1K of memory indicated that they
are very similar types of executables. The padding at the end of memory boundaries match, indication
similar compilers. However, no part of Sobig’s executable opcode sequence matches AMS. A lack of
similarity from this comparison is expected since, although both programs send email, different developers
are believed to have created them.

• Comparing Sobig-F with Sobig-E. Unlike the AMS comparison, there are very large blocks of similar and
identical opcode sequences between these different revisions, indicating a very similar code base. There are
some differing segments, indicating source code changes between Sobig-E and Sobig-F. The similarity
between these two programs is expected since the same developer is believed to have created both
programs; Sobig-F is a later revision of Sobig-E.

• Comparing Sobig with the Send-Safe installer. The Send-Safe installer is an executable archive that
installs Send-Safe. The only common high-level functionality between Sobig and the installer is the
creation of files on the local computer. Like the AMS comparison, there are similar sections with the initial
1K of memory and end of memory boundaries, and there is some similarity with library function calls and
linking with static libraries, indicating similar compilers. However, the complete lack of matching
executable opcode sequences clearly indicates completely different code bases. This lack of similarity is
expected since the developer of the installer-building program was unrelated to the Sobig or Send-Safe
developers.

• Comparing Sobig with Send-Safe executable. The Send-Safe executable has the same high-level
relationship with Sobig as AMS since they both generate and send email. Yet there are significant blocks of
similar and identical opcode sequences between Sobig and Send-Safe. These similar, and in very many
instances, identical sections of opcode sequences, are not due to compiler optimizations or common library
functionality, as some of these similar blocks are over 1K in size. The similar code appears to focus on the
generation and sending of email. These similar/identical opcode sequences imply the same source code
base.

Within the scope of our comparison we can conclude that the developer of the Sobig virus reused source code from
Send-Safe for the creation of code that generates and delivers email in Sobig15. The source code to Send-Safe is not
public or open sourced, as Ruslan Ibragimov owns the source code and appears to keep the code private.

In summary for any non-technical readers, this significant appearance of similar and identical opcode sequences
within the Send-Safe and Sobig software should be considered as significant as finding a fingerprint on a murder
weapon. Although this very close similarity does not constitute guilt, it suggests a very strong correlation.

14
The Send-Safe installed executable is encrypted and compressed. When it is executed, the program unpacks itself
in memory. For the comparison, we executed Send-Safe 2.17a and then stored all the program memory (25
Megabytes) into a file. The file contains both the unencrypted and uncompressed Send-Safe executable and all
dynamically loaded libraries. Our test was performed on a clean-install system that had never accessed Sobig,
ensuring that any similarities are not due to Sobig residing on the system.
15
Send-Safe predates Sobig by more than a year. It is unlikely that Ruslan Ibragimov acquired the source code from
Sobig for use in Send-Safe.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 19 of 48

5.4 Motive to Write Sobig

Senders of spam typically relay their email messages through open proxy servers in a continuing effort to obscure
the true sending host. With the proliferation of blacklists and other anti-spam systems, spam senders are finding it
more and more difficult to locate available open proxy servers. By opening multiple proxy services on millions of
compromised systems, a spam sender could very quickly and anonymously relay messages without the fear of being
identified.

Sobig provides the following two benefits for spam senders:

1. Sobig opens multiple proxy servers on systems that are not blacklisted;
2. Sobig spreads very quickly, infecting and re-infecting millions of systems in under a week.

These benefits provide spam senders with a very large base of open proxy servers. Even though most of the infected
systems will be cleaned within a week, there will be some systems that will remain infected to continually provide
open proxies for weeks or even months.

We believe that Sobig was most likely written to support spam software. Any user or developer of spam mailing
software, including Ruslan Ibragimov and Send-Safe, would be financially eager to leverage malware such as Sobig.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 20 of 48

6 Conclusion
Based on our findings and the items we have identified within the scope of this document, we strongly believe that
Ruslan Ibragimov of Russia, and/or Ibragimov’s development team, authored Sobig. Ibragimov has demonstrated an
advanced knowledge of Sobig outbreaks, the skills necessary for developing Sobig, access to the source code base
used to develop Sobig, and a clear motive for creating the Sobig malware.
Who Wrote Sobig? Copyright 2003-2004 Authors Page 21 of 48

7 Appendix A
The following table shows a comparison of the bytes in the Sobig-F executable when compared with the unpacked
Send-Safe 2.16 executable.
• The memory address refers to the location within the Sobig-F executable;
• A space (“ ”) indicates a byte in Sobig that has no corresponding match in Send-Safe. Only absolute
matches (exact same byte value) are permitted;
• A dot (“.”) indicates a byte value in Sobig that may correspond with a sequence in Send-Safe;
• A star (“*”) indicates a byte value in Sobig that positively corresponds with a sequence in Send-Safe. A
positive match assumes at least 16 sequential matching bytes, showing that the byte is the same and in the
same context;
• A zero (“0”) indicates a large sequence of zeros, usually used for padding between memory sections.

So in simple terms, the following legend will help as you peruse thru the comparison table:
• A large section of dots and spaces indicate no matches;
• A section of stars and dots indicate a successful match;
• The initial match (memory 00000000 – 00001000) indicates a Windows executable and is common for
many programs;
• The final match (beginning around 0001A1C0) indicates shared libraries;
• The significant matches in the middle (such as 0000A780 – 00014680 and 000164C0 – 00016C00) suggest
common source code.

00000000 |****************************************************************|
00000040 |****************************************************************|
00000080 | . . . . .|
000000C0 |. ................. .. . . ......... . . .....|
00000100 |. ...... ... ... .... ......... ................. ......... ...|
00000140 |................................. .. .00000000000000000000000000|
00000180 |*******000000000000000000000000000000000000000000000000000000000|
000001C0 |*******000000000000000 .. .. ....... ...000000000000000000|
00000200 |*. . .. .... .. .... .................. ...... ...... *|
00000240 |*****************. . ...... .. ..............................|
00000280 |...................000000000000000000000000000000000000000000000|
000002C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000300 |0000000000000000000000000000000000000000000000000000000000000000|
00000340 |0000000000000000000000000000000000000000000000000000000000000000|
00000380 |0000000000000000000000000000000000000000000000000000000000000000|
000003C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000400 |0000000000000000000000000000000000000000000000000000000000000000|
00000440 |0000000000000000000000000000000000000000000000000000000000000000|
00000480 |0000000000000000000000000000000000000000000000000000000000000000|
000004C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000500 |0000000000000000000000000000000000000000000000000000000000000000|
00000540 |0000000000000000000000000000000000000000000000000000000000000000|
00000580 |0000000000000000000000000000000000000000000000000000000000000000|
000005C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000600 |0000000000000000000000000000000000000000000000000000000000000000|
00000640 |0000000000000000000000000000000000000000000000000000000000000000|
00000680 |0000000000000000000000000000000000000000000000000000000000000000|
000006C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000700 |0000000000000000000000000000000000000000000000000000000000000000|
00000740 |0000000000000000000000000000000000000000000000000000000000000000|
00000780 |0000000000000000000000000000000000000000000000000000000000000000|
000007C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000800 |0000000000000000000000000000000000000000000000000000000000000000|
00000840 |0000000000000000000000000000000000000000000000000000000000000000|
00000880 |0000000000000000000000000000000000000000000000000000000000000000|
000008C0 |0000000000000000000000000000000000000000000000000000000000000000|
00000900 |0000000000000000000000000000000000000000000000000000000000000000|
00000940 |0000000000000000000000000000000000000000000000000000000000000000|
00000980 |0000000000000000000000000000000000000000000000000000000000000000|
000009C0 |0000000000000000000000000000000000000000000000000000000000000000|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 22 of 48

00000A00 |0000000000000000000000000000000000000000000000000000000000000000|
00000A40 |0000000000000000000000000000000000000000000000000000000000000000|
00000A80 |0000000000000000000000000000000000000000000000000000000000000000|
00000AC0 |0000000000000000000000000000000000000000000000000000000000000000|
00000B00 |0000000000000000000000000000000000000000000000000000000000000000|
00000B40 |0000000000000000000000000000000000000000000000000000000000000000|
00000B80 |0000000000000000000000000000000000000000000000000000000000000000|
00000BC0 |0000000000000000000000000000000000000000000000000000000000000000|
00000C00 |0000000000000000000000000000000000000000000000000000000000000000|
00000C40 |0000000000000000000000000000000000000000000000000000000000000000|
00000C80 |0000000000000000000000000000000000000000000000000000000000000000|
00000CC0 |0000000000000000000000000000000000000000000000000000000000000000|
00000D00 |0000000000000000000000000000000000000000000000000000000000000000|
00000D40 |0000000000000000000000000000000000000000000000000000000000000000|
00000D80 |0000000000000000000000000000000000000000000000000000000000000000|
00000DC0 |0000000000000000000000000000000000000000000000000000000000000000|
00000E00 |0000000000000000000000000000000000000000000000000000000000000000|
00000E40 |0000000000000000000000000000000000000000000000000000000000000000|
00000E80 |0000000000000000000000000000000000000000000000000000000000000000|
00000EC0 |0000000000000000000000000000000000000000000000000000000000000000|
00000F00 |0000000000000000000000000000000000000000000000000000000000000000|
00000F40 |0000000000000000000000000000000000000000000000000000000000000000|
00000F80 |0000000000000000000000000000000000000000000000000000000000000000|
00000FC0 |*******000000000 .............................................|
00001000 | . . . ***************** .. ..... ..|
00001040 | ... .. . .. . ... ... . . . . . . ... |
00001080 | . . ... . . ... . .... .. ... . ...|
000010C0 |. .. . . . . .. ... ... .. |
00001100 | ..... . . . ........ .. . ... . ........ . .|
00001140 | .. . ...... . .. .. .... .. ... .... .. . . |
00001180 | . . .. ... . ... ..... .. ... .. . . . . .|
000011C0 | .. . . .. . . . .... . .. . .. .... |
00001200 | . . . . . . .. . . . .. . . .... . . |
00001240 |.. .... . .. . .... . .. . . .. . .. ..|
00001280 |. .. ..... ... . .. . . . . ... . .|
000012C0 |.. . . . .. . .... . .. . . .. .. . |
00001300 | . .. ..... .. . .. . . .. ... . |
00001340 | .... . . . . . . . . . . . ....|
00001380 | .... . . .. . . .... . . ...... .... .. |
000013C0 | .... .. .. .. .. . . ... . . . .|
00001400 |.. . .. .... .. . .. . . . . |
00001440 | . .. . . .. . . . .. .. . . |
00001480 |. .... . . . . . . ...... .... . . . |
000014C0 | . .. . .. . . . . . . . ....... . |
00001500 |. .. .. ... . .. . . .. ... .. .. . . .. . |
00001540 | . .. . . . .. . .. . . ... |
00001580 |.. . .. ...... . . . .... .... .|
000015C0 |.... ......... ...... . .. .. ...... .. ..|
00001600 |.. .. . . .... . .. ... . .... . .. . . |
00001640 | .. . .. . .. . .. .. . .. ..... . .. .. . .... |
00001680 | . . . .... . .... . .. ..... .... . .. . . . . .|
000016C0 | .. . . .. . ... .. . .. . . ... |
00001700 | .. .. .. ... .. . ... .. . . ....|
00001740 | .. . . . .. . .. .... ... ... ...... .|
00001780 |.. . . . . . .. . ...... . .. ..... . .|
000017C0 | .. .. .. ..... .. . .. . .. . .. . .. . .. |
00001800 | .. . .. ..... .. .... ... ... . .. |
00001840 | .. ... .. . .. . .. . .. .. . .... . |
00001880 | . . . .. .... . .... .. . . ...... .. . .|
000018C0 |... . .... .. . . . . .. . . . .. . . . ... |
00001900 | . .. . .. . . .... . .. . .. . .... .. . . ..|
00001940 | . .. .. . .. . . . .... .. .... . . ... .. |
00001980 | .... . . . ... . .... . .. .. .. . ... . |
000019C0 | .. .. . .. . . ... . .... . .. . ...|
00001A00 |..... .. .... .. . . . . .... . .. |
00001A40 |.. .. . .. .. ..... .... ... . .|
00001A80 |. . . . .... ... .. . ... .... ... .. . .. |
00001AC0 | . .... . .. . .... . .... .... |
00001B00 | .... . . .... . .. ... . . .. ..... . ... .. .. .. |
00001B40 | . .. . .... .. ....... ... .. . . |
00001B80 | .. ... .. .. ... .. . . .. ....... . |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 23 of 48

00001BC0 |.... ... .. .... .. .. . . . . .. .. .. .. . |

00001C00 | . .. . .. . . .. .... . . ... |
00001C40 |. . .. . .. . ... . .. . . . . ..... ... .|
00001C80 |. .... . .. . .. . . . . ...|
00001CC0 | .. ... ... . .. .... .. . . .. ... . . . . . .|
00001D00 | . . . .... ... . . .... ..... .. .. . ..|
00001D40 | .. .... .. . ... . . .. . .. .. .. . |
00001D80 |... . ... ... . ... . .. ... ...........|
00001DC0 |... .. . .... ... .. .... . . .... |
00001E00 |. . .. ........ ... .. .. .. . .. ... ... |
00001E40 | .. ... . .. . ... .. ... .. .. .. . |
00001E80 | . . . .. .. . . ... . . . . .. .. . .. . |
00001EC0 | . . .. . . . .. .. .... .... .. ... . .|
00001F00 | . . ... ... . ..... . .. .. .. . . . |
00001F40 |....... . .. . . . . . . .. . . .... .... . |
00001F80 | . . . . .... . . ... . .. .. |
00001FC0 |. ... . . . ... ... . . . .. . |
00002000 | . .. .. .. . ..... . . .... . ....... .. |
00002040 |. . . .. .. ... . ... . .... .. ...|
00002080 |. . .. ...... . . . .. . . .... . . |
000020C0 | . . .. . . .. .. .. . .... . . .. .. .. |
00002100 | ... ... .. . .. . .. ... . . .. . .. . ... . . |
00002140 |. .. . . . . . . ... ... . . .. .. .. . ..|
00002180 | . . . . .. .... .. . .. . . ... . . .|
000021C0 |... . .. . .. ... .. .. .. .. . .. ........ ...|
00002200 | . ... ...... .. .. . . . .. .. .. . . ... .|
00002240 |...... . ... ... .. . . . .... ...... ..|
00002280 | .. . .. .. ... .. . . . . .. ..... |
000022C0 | . .. . .... ...... ... . . . ... ... |
00002300 |. . . .... . .. ...... .. . ....... .. .. |
00002340 | . . . ..... . . ...... . ... .. . ...|
00002380 |. .. .... . . . ..... .. .... .... . .... |
000023C0 |. .. . ... . ..... ... .. . . .. . .. . ..... . |
00002400 | . .. .. . ....... . .... ..... ... . |
00002440 | . ... . . . . ... ... . . .. .... .... ........ |
00002480 | .. . . .. ... .. . . .. ... . . ...|
000024C0 | ... . .. ... . . . . .. .. . .. .|
00002500 | . ... . ......... ... .. . . . .. . . .. ... . |
00002540 | . .... . . . .. .. . . .. . ..... ... |
00002580 |. . . .. .. .. . . ... . . . . ... |
000025C0 | . . . .. ........ .... .... . .. . ... . .|
00002600 | . .. ..... ..... . . ...... ..|
00002640 | .... . .. .. . .. . . . ... ... .. . . |
00002680 |.. .. ... ......... . .... .. . ... .... .. |
000026C0 | . .. . . ... . .. . .. . . .. |
00002700 |.. ........ ... . . .... .. ... . ..........|
00002740 |. . ... . . . . ... . . . .. .. . ..|
00002780 | . . ... . .. .. . .. . . .. . .|
000027C0 | . . .. .. .. ... ... .. . . ..... ... .. ...|
00002800 | . . .. .... . . .. . .. . . . . .. ... . |
00002840 |. . .. . . . . .. . .. .... ... .. |
00002880 | . ... ... . ... . .. . ...... . . . .. .|
000028C0 | ... .. .... .. . . .. . . . .|
00002900 | . ..... . . .... .. . .... ... . . .. ..... |
00002940 |. . ...... ... ... .. . . . . .. ... ..|
00002980 | . .. . ... ... ... ..... .. . . .. ... |
000029C0 | . . . .. . . .. .... ... . .... ... . |
00002A00 |.. . .... .. ... ... . . . . ... . . .. . .. |
00002A40 | ..... .. .. . . ..... . .. . . . . . |
00002A80 | .. . ... . . ... . . ..... .. ........ .. . .|
00002AC0 |. . . .... . . . .... .. . .. . . . . .. . |
00002B00 |... . . .. . . ... ... ..... . |
00002B40 |. . ...... ... .... . ..... .... .. .. .. . |
00002B80 | ... .......... ... .. . ... . . .. . ..|
00002BC0 |. . . .. . .... . .. ..... . ....... .|
00002C00 | . . ....... .. .. . . . .. . . . |
00002C40 |.. .. .... .. .. .. .. .... . ... . ... |
00002C80 |. .. .. . .. ... . ... . . ........ . ..... ... |
00002CC0 |. . ... .. . . .. . ... .. . .. ....... . . |
00002D00 |. . .. .... . . ... . . .. . . .... . .|
00002D40 |.. . . .... . ... . . . . ....... .. . . .|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 24 of 48

00002D80 | . . ... . . . . .. . .. .. . |
00002DC0 | .. .. . . . . . . .. .. .. . . . . ... ..|
00002E00 |. .. . . . . . . .. .... . . |
00002E40 |.. .. .. . . . . . .. . .. . . ... .. |
00002E80 |.... . .. ... . .... . . . . . ..... ... ..|
00002EC0 |. .. . ... . . . . . . .. . . . .. .... . . .. |
00002F00 | . . .... . . ... .... ...... . . . . . . .|
00002F40 |.. . .. .. . . .. . ... ....... . . ... |
00002F80 | . . ... . . ... . .... . . . . . .. . ....|
00002FC0 |. .... . ... .. . .... . .... . . . . . . ....|
00003000 | . . .. . . ... . .. .... ... . ... |
00003040 | ..... . . .... .. .. . .... . . |
00003080 | . . .. . .... ... . .... ....... |
000030C0 | .. .. . .. ... . . . .. .. . . . .|
00003100 | .. .. ..... . ... . . ... ..... . ..... . .. |
00003140 | . .. . . . . . .... .. .... . . . |
00003180 | .. . . .. . .. .. . . . . . ..... . . .... ... |
000031C0 | .. .. ... . ... .... . .. . . |
00003200 |. ... . . .. . .. .... . ... . ........|
00003240 | ........ .. ...... ... . . . ... . . . .. |
00003280 |. . . . . . . . .. . . .. ... .. .. . . . . |
000032C0 | .. .. . ..... . . ... .... .. ... .. . .. .... |
00003300 |.. . . . . ... . .. . .. ... .. .. .. . ...|
00003340 |. . . ... . . . . ..... .... .. . . ..|
00003380 |. . . . .. . . ... ..... . . ..... |
000033C0 |.. ... . . . .. .. ... . .. . . . . .. . |
00003400 | ... .. .... .. .. .. ..... . .. .. .... ....... .. |
00003440 | .. .. . .. . .. . . . .. . . . .. . ....|
00003480 | . . . .... . .................. . .. |
000034C0 | . . . . . .. . .... .. . .... .|
00003500 | .. . . ..... . . . .... . .. .. .. |
00003540 | .. .. .. ... . .... . . .. . ....|
00003580 |.... . . ... . . . .. .. . .... ... .. . . .|
000035C0 |.. . . ... .... . . . . . . . . . . . . |
00003600 |. ... .... ..... .. . .. . . .. ... ..|
00003640 |.. .. .. . . .. . . . ... .. ...... . .. |
00003680 | . . . . . . ... . .... .. .. . . ..... ..|
000036C0 | ... .. . .. .. . .. . . . .. . . . ... . . .. |
00003700 | . . ... . . . . . . . .. .. ...|
00003740 | . .. . ... . .. . ... . . . . .... . |
00003780 | ... . .. ...... .. . . .. ..... ..... . |
000037C0 | . . .... . .. .... ..... . .... . . . . .... |
00003800 | .. . . . . . . . . ..... . ... .|
00003840 |.. . . . ..... . . ....... . .. . . . ...|
00003880 | . . ... .. .. .... ... .. .. .. .. . .|
000038C0 | . . . . ...... ..... .. .. . . .... |
00003900 |. . .. . .. ..... ... . . ... . ... .... . |
00003940 |.. .. . .. . . . .. .. . . ... ..... .|
00003980 |.......... . . .. ... .. .. . . . ..|
000039C0 | . ... . . .. .. |
00003A00 | .. . .. . . . . . . ..... .........|
00003A40 | . .... .. .. ... ... .. . ... . .. . .. .. |
00003A80 |.. . .. . . . . .. . . .. .. . ... . .... ..|
00003AC0 | .. . .. .. . .. .. . . .. ...... . . . . |
00003B00 | ... .. .... .. .. .. . . . .. ... . .|
00003B40 |... ............ .. ... .. .. . .. . . . |
00003B80 | . .. . .. .. . ....... ... . . ..... . .... . |
00003BC0 | .. . ... ... . .. .. . ..... ... .|
00003C00 |.. .. . . ... ... .. .. .. . . . ..|
00003C40 |.. ... .... .. . .... . ... .. . . .. ..|
00003C80 |..... .. . .. ... .. .. ... ... . .... |
00003CC0 |.. ..... .. . . .. . .. .. . . .... |
00003D00 |... .. . .. . . . . ... .. .. .. . . .... |
00003D40 |. . . ...... . .. .. . .. .. . .. .. . |
00003D80 |.. .. . . ... . .. . . . . . . ... .. . .|
00003DC0 |. . . . . . .. . . . .. . .. .. .......|
00003E00 | . . . . .. . ... . . . ..... . . . . |
00003E40 | ..... .... . . . . . . . ... .. .. ... .|
00003E80 |..... . . .. . . .. . . . ... ... ....|
00003EC0 | .. .. . . ... . . . . . ... .. . ....|
00003F00 |..... ...... .. . .. .. .. ... . . . |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 25 of 48

00003F40 |. . ... . . .. . .... ................. ...... |

00003F80 | . ... . . ..... .......... . ......|
00003FC0 | . . .. .. .. . ... ... . ... . . ... .. .|
00004000 | . ... .. .. . .... .. .. ... . .. . |
00004040 | .. .. . ... ... .. .. . .. .. ... ..|
00004080 |. . ..... ... . .. . . .. . . . . |
000040C0 | . . .... .. . .. .. .. . . . . . ... . .|
00004100 |. . .. .. .. .... ..... ... . ... ..... |
00004140 | . . . .... .. .. . . . .. . . ..... . |
00004180 | . .. ... ...... . . ... .. . .... .. |
000041C0 | . . ... ... ..... . . . ...... . .. ..... |
00004200 |.. . . .. . ... . . . . .. .. .. ... |
00004240 | . .. .. ..... . . .. .. .. . ... . .. |
00004280 | . . ... .. . . . . . .. . . ... . . . .|
000042C0 |. . . .. . . . .. .... .. ... . ....... .......... |
00004300 |. . .. . . .. ..... ... . .... |
00004340 |. .... . .. .. .. . ... . . .. . . . ..|
00004380 | . . . . ... .. .. . .. . . .... .... . |
000043C0 |..... . . ... .. .. .... ... . ... .. ... . .. .. |
00004400 | . .... . . .. . . . .. . . .. . . .. .|
00004440 |.. .... . . .. . ... .. .... .. . |
00004480 | . ... . . .. .. . . ..... . . . .. ..|
000044C0 | .. . .. . .... .. . . .. . . ..... . |
00004500 |... ... .. ... . .. . .. .. . ... . ... .. .|
00004540 |.. ... . .... . . ..... . ... . ... . . . .. .. |
00004580 |.. . . . .. . .. . . . .. . .. . . . .. . . |
000045C0 | .. . . . . . .. . .. . . .. .. . ...|
00004600 |. .. ... .. ... ..... . . ...... .. ..|
00004640 | .. . .... .. . . .. ... .. . ..... ... .|
00004680 | .. .. .. . . . . ... . .... . ... .. .. |
000046C0 | . ... .. . .. . .. . ... . . .... .|
00004700 |. ....... . ...... .. .. .. .. . . .|
00004740 |. .. ... . .. .... .. . . .. ... . .. |
00004780 | . .. . ... . . . ...... .... . |
000047C0 | .... .. .......... . .. .. . . .. .. |
00004800 |.. . . . . . .. . .. . .. . .. ... . |
00004840 | . .... . ............ . ... . .. . . . .. .|
00004880 | .. .. .... . . . . ... . .. .. .. ....|
000048C0 |....... .. .. . .. . . . .. . . ....... . |
00004900 |........ .. . ....... .... .. . ............ . . . . .|
00004940 | . . . . .. . . .. .. . ... . .. .|
00004980 | . . . .. .... ... . .. . .... .. ... |
000049C0 | . .... . ... ...... . . ... . .... ............|
00004A00 |.. ... .. ... ..... . .. . . . . .|
00004A40 | . .. . .. .... .. .. .. . ... . . . .... |
00004A80 | . . . . . . .. .... ..... . . .. . .. |
00004AC0 | ... . . . .. . . .. .. . . .. |
00004B00 | .. ..... . ...... .. . .. .. . .. .. ... |
00004B40 | .. . . ... .. .. . . . .. . .. .. . ..|
00004B80 | . .. . . .... ... .. ... . . .... . ......... ..|
00004BC0 | .. . . . .. . . . . .. .. .... .. . |
00004C00 | ... .. .. ...... .... ... . . .. |
00004C40 | . . .. . . . . . ... ... . . ... |
00004C80 | . . . .. . .. . . .. . ..... . ... . . . . |
00004CC0 | . .. ... . ... ... . . . ... .. . . . |
00004D00 | .. .. .. .. .. .. . ... ... . .. . . .. . ..|
00004D40 |....... ........... ... . . ... .. |
00004D80 | .. ... . .... . .. . ....... . ... .. .. |
00004DC0 |. . .......... ......... ... . .. ... . |
00004E00 |.... .. . . .. . . . .... .... ...... ... ... . |
00004E40 | .. . . .. . . ... . . . .. . .... . ..|
00004E80 |. . . .... . ........... ... .... . .. . . |
00004EC0 |. . . . ..... . . .. .. . . . |
00004F00 | . .. .. ... .. .. . . .. ..... . . .. . .. |
00004F40 |. .... .. . .. . . . . .... .. .. .. . .|
00004F80 | . . . .. . . . ... .. ... . ....|
00004FC0 | . . .. ... . .. . ... .. .... . .. |
00005000 | ........ .. ..... .. . .... .. . . . ..|
00005040 | . . . .. . .. . .... ....... .. . . ....|
00005080 | .... .. .. .. .. . .... .... .. .... ... .. . .... . .|
000050C0 | . . . . ..... . ..... .. ...... .. ...|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 26 of 48

00005100 |. ... .. . .. . .. . . . .. . .|
00005140 | . .. . . .... .. .. . ... ..... ... |
00005180 | . . ..... .. . ... . . .... . . ... . |
000051C0 | . . . . . . .. . ..... . . ... . |
00005200 | .. .. ... .. .... .. ... . . ... . .. . . |
00005240 |... . .. .... .. . .... . .. . . |
00005280 | . .. .. .... ......... . .... .. ... ...|
000052C0 | . .. ... . . . . ... .. . ... .. |
00005300 | .. .. . . .. ..... .... .. ... . . . . . . . .. |
00005340 | .. .. .. .. . . .... ... . .. .. .... ..|
00005380 | . .. . .. . ... . .... .. ... .. . ..... .|
000053C0 |. ... .. . . .... . . .. . ... .. . . .. |
00005400 |.. . ..... . .. . . .... . .. ... . |
00005440 | . .. . .. . .... .. .. . . ... . |
00005480 | . .. .. . ... . ... .. .. . .. . .. .... .|
000054C0 |.... . . . . ... . .. .. .. .. . . . |
00005500 | .. . ... .. .... . ... . . .. .. . . . |
00005540 |.. .. . .. ... . . . . .. ..... . .. .. |
00005580 | .. . . ... . ... .... .... . . . ... . . . |
000055C0 | . . ... .. . . . .. .. ..... .. .... . |
00005600 | . .. . .... .... .. ... .... . .. . . . . |
00005640 |. ... ... . ... ... .. . . ..... ... |
00005680 |... . . .. .. . . .. . ... . . . . .. .|
000056C0 | . ..... ... . .. . . . . . ... . |
00005700 |. ... .. . . . . ... . . . ... . .|
00005740 | . . .. .... . . .. . . .. . .. .. . .... |
00005780 | . .... ... ..... .... .. .... ... .|
000057C0 |... . . . ... ... ..... ... ... .. .... ..|
00005800 |. .. . .. . . . .. . .. .. . . |
00005840 | .... .. ... .. ..... .. . ... ... .... |
00005880 |.. . .... .. ... .. .... .. . ... ..... ...|
000058C0 |. . .. . .. ... .. .. . .. . .. ... |
00005900 | .. .. ... . .. .. .. .. ... ... ... . |
00005940 |... . . .. .... .. .. . . .. .. . .. . . . ..|
00005980 |. . . .. . . . . .. . ... . .. . .. |
000059C0 | . . ... . . . ...... .. . .. ..... .. . . . |
00005A00 |. ... .. .. . .. . .. . . . ... . . .|
00005A40 | . . . . . .. . ... ... . .. . . . . .. . |
00005A80 | .... ........ .. ..... .. . .. . . . . .. |
00005AC0 | . ... .. . ... . . .... .. . . ... . . .. . |
00005B00 | .. . . .. .. . ... . . . . ... .. . .. .|
00005B40 |... .. . ... . . . .. .. ... . . . |
00005B80 | .. .. . .... ... . . .. . .... .. . ..|
00005BC0 | . .... .... . .. . .... . . . |
00005C00 | ... ....... ... . .. . ... .... .. ... . . ..|
00005C40 | .. . .. ... ..... . .. ... . . .. . . . |
00005C80 |.... . .. . .. .... .. . .. . ... . |
00005CC0 |. . ... . . .. . . . . . .. ... . .. .. ....|
00005D00 | .. . . . . .. ... .. ..... .. . . . |
00005D40 |. .. . . . . .. . .. . . .. . ... |
00005D80 |.. . ... .... ... ... ... ...... . . .. .. ..|
00005DC0 |. .. ... .... .. .... .. . .. . .. .. ..|
00005E00 |. . .. . .. . . .. . .. ... .. . ... . . ... |
00005E40 |. . . .... . . .... ... . .. .. |
00005E80 | . ... .... ... ... .... ... ..... .. ... .|
00005EC0 |.. ... .. .... ... . .. .. . ... . ... |
00005F00 | .. ..... . . .. ... ... .. .... ... . ... ... |
00005F40 |... ... . . ... .... . .. ... .. ... |
00005F80 |.... ... . . .. . . ..... . . .... |
00005FC0 |.. . .. ... . .. ....... .. .. . |
00006000 | .. ........ .... ... . .. . . ... . . . |
00006040 |. . . ... ..... . .. .. .. . ... ....|
00006080 | . .. .... .... . .. .. .. .. . . |
000060C0 | . .. . ... .. . .. . ... .. ... . . ... |
00006100 | ... . .... . .... . .... . .. ... . .... ...|
00006140 |.. .... .. ..... ... . .. . .. . . .|
00006180 | .. . . .. . . ... .. . . ... ... ... .. ..|
000061C0 |... .. . .. ... . ... ... .. . .. .. . .|
00006200 | . . .. ... . .. . . ......... ...... .. . .|
00006240 |.. ... .. .. . .. .. ... ... . ... . .... .|
00006280 |. .... . . ..... .. ... . . . .... . . ..|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 27 of 48

000062C0 | .... . .. . . .... .. . ... ... . .. ... .|

00006300 |... . . .. .... . . . .. .... ........ . .. |
00006340 | . . . . ... .. ... . .. .. .... .. |
00006380 | .. ... . .. . . .... . . . |
000063C0 | ... . . .. ... . . . .. . .. . . ...|
00006400 |.... ..... .. . . .. . . ... . ..... . ... . |
00006440 | . .... .. ... ..... ... ... ......... .. . .|
00006480 |.. ..... .. .. .. .. . . .. . . . . ..|
000064C0 | . ... ..... ... ........ .. .. ... ... .|
00006500 | .... .. . .. .... .. .. ... ..... . . ...... |
00006540 | . . .. .. .. ... .. .. ... ... .. |
00006580 | . .. . . .. . . .. ... . .. ... |
000065C0 | .. .. .. . .... .. . ... .. .... . ... . |
00006600 |.. ... . . ... .. . .... .. ... ... ..|
00006640 |.. ... .. ... ... . ..... .. .. .. ... .|
00006680 |. ... . ... ... .. ... .... . ... . .. . .. .|
000066C0 | .. . . . . . . .. . .. . . .... ... ..|
00006700 |. ... .... ... ... ... .... ... . .... . . ... .|
00006740 | .... . .. .. .. .. .. .. . . .|
00006780 |.. .. .. .. . . . ... . .. . ... .. |
000067C0 |. ... . . ..... .. ... .. . ... .... . .|
00006800 |. . ... . .. . .... . . ... .. ... . |
00006840 |.... . . . ... . . . . . . . . .. .|
00006880 | . .. .. . . .. .. .... .. .. . .. . |
000068C0 | . .. . . .. .. . ... ... . .. ... .. .. .. . |
00006900 | . . ... .. . . . . . . .. .. . .. |
00006940 |.. . . .. . . . ...... . .... . . . . .|
00006980 |.. . . ... ...... . .. .. .. .... . .. . .|
000069C0 | .. .. .. ... . . . ... . . .. . .. .. |
00006A00 | .. . . . . . ... . .. ... .. ....... .... |
00006A40 | .. . ... . . .... . . . .... . . .. . . . |
00006A80 |... . .. . . . .. . ... . ... . .. |
00006AC0 | . . ... . . .. ... .. . . . .. . |
00006B00 | .. . .. .. ... . .. .. . . .. . |
00006B40 | . .. . . . .. . .. .... . .. . . . .. .. . |
00006B80 | .. .. . .. .. .. . ... . .. ... . . . |
00006BC0 | . .. . .. .. .... . ..... ........ . .. ..|
00006C00 |.. . . . .. ... .... ... . .. . |
00006C40 | .. . .. .. . ... . . . .... . . . |
00006C80 | . . . . . ....... . .. .. .. ... ... . .|
00006CC0 | . .. . . ...... .. .. . .. ... .. .. .. . . . .. |
00006D00 |.. . . .. .. . .. .. .. ... .. .. .. . |
00006D40 |. .. . .. . .. . .. .. .. ... . .. . .|
00006D80 |.. . . . . . .. . ... . . . .|
00006DC0 | .. . .. . .. .. .. . .... .. . . . ... .|
00006E00 | . ... . .. ... .. .. . . . . .. .. . |
00006E40 | .... . . . .. . . . ... .. . . |
00006E80 |. ..... . .. . .. .. .... .. .. . ..... ... |
00006EC0 |... ..... ..... . . . ... .... .. ...........|
00006F00 | ......... . . .. . . . ........ .|
00006F40 |. .. .... . . .. . . .. . . . . .. |
00006F80 | ... ... .. .. . . .. . . .. . .. . . |
00006FC0 |.. . .. ... . . . . .... . .... .. . . . |
00007000 | ... .... . . ****************** ....... . ....|
00007040 |.. . . ..... ... .. .. ... . . .. . .. .|
00007080 |. .... .. . ............. .. . . ... . . .. .|
000070C0 |...... . . ....... .. ....... ..... . . |
00007100 | . .. . . ... ... .. . ... ... |
00007140 | ... . . .. .. . .... . . .. ..... . |
00007180 | . ....... ... ..... .. . .. .... . . ..|
000071C0 | .... ..... . . ... . . ... .... . .. ... . .. . |
00007200 | ...... .. . .. . . .. . . . ..... .. .|
00007240 | . . . . .. .. .... ... . . ..|
00007280 |.. ... ..... . .. .. ... ... .. .. .... .. .|
000072C0 |. .. .. ... .. . . .. . .. .. . .. ..... |
00007300 | .. . ....... .. .. . . . ....... |
00007340 | ........ . . ........ .. . . .. .... . . |
00007380 |. .... ...... .. . . . ... .. . . .. . |
000073C0 | .. .. .... .. .. ... ... .... .. .|
00007400 | . .. . . . .. ... .. . .. .. .. ... .|
00007440 |... .. . .. . .. .... ......... . .|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 28 of 48

00007480 |... . . . ....... .... . . .. . . .......|

000074C0 |........ . . .. .. .. . ... . . ... . . .|
00007500 |. .. .. . ... .. . .. .. . . |
00007540 |.. ... .. ..... . . . ..... ..... . ... .. . .|
00007580 |.. .. ... . ... .. . ... .. . ... . .. . .. .. . |
000075C0 | .. . .. ..... .. .. ... .. . .. ..|
00007600 |. ... . .. .. .... . . .. .. .... .|
00007640 | ... . . ... . .... . . .... . ......... .. |
00007680 | .. ... . . . . .... . . . ... . . .. . ...|
000076C0 | .. . . . .... . . ....... .... . .. . . . |
00007700 |. . .. .... ... . ....... .... .. . |
00007740 | ...... . ... . ... . .... . .... . ... . |
00007780 | ..... ... ........ . .. .. ...... . .. . .|
000077C0 | .. . ... ..... ..... .... . . .. ...... ... .... |
00007800 |.. ... .. . ..... . . ... ... .. . .|
00007840 | ... . ... .. ..... .. .. .. .. .. .. ..... .|
00007880 |. . .. ... ..... ... . .. . . .. . .|
000078C0 |.. . . ... ... . . . .... .. . ....***********|
00007900 |******* .. . ... . ....... . .. . .. . ... |
00007940 |... . . . ...... . . ............. . ... . . |
00007980 | . ....... . .. . .... ... . .. . .. .. . .|
000079C0 | . ... . . . . .. .. ..... .. .|
00007A00 | ... .. . .. . .. . . .. .... . .. . ...|
00007A40 | .. . ... .. . . . . .... .. .. ...|
00007A80 |.......... ..... . . . . . .......... ...... . . |
00007AC0 | . .. ........ ..... ........ .. . .. . . .... |
00007B00 | ... . . .. .. . . . . .... . ..... . . . ..|
00007B40 | . . ..... . ..... .. . .. . . .. . .........|
00007B80 |. . ... . . . . . .. .. .. .. . .. ..|
00007BC0 |... ....... ... ..... .. . .... ... . . ..|
00007C00 | .... . . . . . . ...... . ....|
00007C40 |. . ... . .... .. .. . . .. . . . .. |
00007C80 | . . ... .... ... ... . .. . .. .. .. .......... |
00007CC0 |. ... ..... .... . . .... . . ... . .. |
00007D00 | .. . . .... .. ... . .. .. . . . . |
00007D40 | . .. ... .... . . . . ..... . . |
00007D80 |.. . .. . .. . . .. . .. .. ... . . .... ...|
00007DC0 | . . . . ..... . . ..... .. ... . .... |
00007E00 |. . . ... ...... ..... . . . ........ . |
00007E40 |... ... . . .. . .. . ....... |
00007E80 |. . . .. . . . .. . . . .. ..... . |
00007EC0 | . . . .. ... .. . . ... .. . ... |
00007F00 | . . .. . . ... . . . . .. . .. .|
00007F40 | . .. .. . .. .. . .. . ... ... . . ....|
00007F80 |............. ......... . . . . . ... .. .... .... ....|
00007FC0 | ... . . . ..... . .. . . . . ... . . |
00008000 | . . . .... . .. .. ... .. .. . . . .|
00008040 |.. . .... .. .. .. .. . . .. . ... . .|
00008080 | ... . .. . . . .... . . .. .... . . . |
000080C0 |. ... . . .. . . ...... ... . . .. |
00008100 |. . ... ... . . ... .. . .............|
00008140 |....... . . .... . . .. . ..... ....|
00008180 | ... ...... . . . .. . . .. . .. . .|
000081C0 | . .. .... . .. ... . . . .... .. . . ..|
00008200 | ..... . .. . . .... . . .... . .. |
00008240 | ***************** ......... . . . .. ..|
00008280 |.. . .. .. .. ... .... .. .. ... . .. . .|
000082C0 | .. . . . ... . . .. .. .... .... . . . |
00008300 |... .. .. . . . .... .. ....... . . . . |
00008340 |. ...... ...***********************. .. .. . |
00008380 | . .. . . ..... .. ... . ..... ...... |
000083C0 | . . . ... .. . ....... . . ..|
00008400 | .. . . .. . . .... . |
00008440 | . ...... .. .. . .... . ... . |
00008480 | .... . ... . .. .. . ... . . . . ......|
000084C0 |..... .. ..... . . . . . ... . |
00008500 | . . ... ... .. . . . . ... ... . . . |
00008540 | . ..... . . . . . . . .. . . . ... .. . |
00008580 |... .. .. .... . .. . .. . ... . |
000085C0 |... ...... .. . . .. .... . . .. ... .. . .|
00008600 | .. . .. ... .. . .. .. .. .. ... . .. .. .. |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 29 of 48

00008640 |..... ... . .. . .... .. ... . . .... |

00008680 | . . ... ... .... . ... ... . . . ... .|
000086C0 |........ ..... ... . . . .. . . . . ... |
00008700 | ... .. . .. ... .. .. . . .. . . ... . . . |
00008740 | .. . . ... . .... .. ..... . .. ... ......|
00008780 |..... . .. . . . . .. . .... . |
000087C0 |. . .... .. .. .... . .. .. .. . . |
00008800 |.. ... . . . . ... ... .. .. ..... . |
00008840 | . .. .... . ... .. ... . .. . .. |
00008880 | .. . . . .. . . . . .. . ...... .... |
000088C0 | . . . ..... . .. . .. .. . .. .... . .. |
00008900 | ... . .. . ... ... . .. .. . .. |
00008940 | . ... . .. .. . . ... . . .. .. . |
00008980 | .. . ... .. . . . . .... . . |
000089C0 | .. .. . . . .. ... . ...... . .... .... |
00008A00 | ..... .. . . .. ... . .... ...... ..... . .. .. |
00008A40 | .. .. .. ...... .. . ... .. . . . |
00008A80 |.. . ... . .. .. . . .. .. . .. ... . |
00008AC0 | . . .. .... ... . . ... .... ... . . . . . ..|
00008B00 |.. ..... . .. . . .. . . . .. ..... .... .. . |
00008B40 | . .. .. . .. . .. . . .. .. |
00008B80 | ...... . . ... .... .. ... . . .. .. .. |
00008BC0 | . . .. ... .. ... . .. . .... .. .|
00008C00 | . . ... . .. .. . ... .. .. . .... |
00008C40 | ..... .... ... . .... .. . .... .... .. . .. . .|
00008C80 |. . . .... ... .. . .. . .. .. . .. . .. . ... . . ..|
00008CC0 |. ... . ... .. .. |
00008D00 | .. . .. . ... .. .... .... .. ..... . . . ..|
00008D40 | ...... ... .... .. . .. . . .. .. . . |
00008D80 | . . . . .. .. . .... ... .. . .. ... . .. .|
00008DC0 |.. .. .. .... ..... . . . .. ... . |
00008E00 |. ... . ... .. .. .. .. ... .. .. ... .... . .|
00008E40 |... ... . . .. .. . .. . .. .. .. . ... . . . |
00008E80 |. .. . . . . .. . .. .... .... . .. .. . . |
00008EC0 | ..... . . . .... .. . . . . |
00008F00 | ... . ..... . . .. .. . .. . . ... .. |
00008F40 |.. ........ .. ..... . . . .. .. . . |
00008F80 |.... ... ...... .. .. . ... .. . |
00008FC0 |.. .. .. . . .. .. . .. . . ... ... ... . |
00009000 | . .... .. .. .. .. . .. ... . .. ......... .. |
00009040 |... .... . ... . . . . .. . . .... .. |
00009080 | .... ... . .. . .. . ... .. .. . .. . .|
000090C0 | . ... ..... .. . ... .. .. . . .. . .... .|
00009100 |.. . .. . .... ... . . .. .. .. ... .... |
00009140 |. ... . .. .. . .. .. . . .. .. .|
00009180 |.. . . .... . ... . . ...... .. . . . ... ..|
000091C0 | . .. . . . ... . ..... . . .... ...... . .... |
00009200 |.. ..... .. . .... . . . . . .. .. . ...... ..|
00009240 | ... . .. . . .. .. .. ... . ...... .. . ...|
00009280 | . . . . . .... .. . . . .. |
000092C0 | . . ... ... . . ..... .. . . ... ... .. .. ...|
00009300 |. . ... .. ... . ..... . . .. .. . .... . |
00009340 | . ... . .. .. . . .. ... .. .. .... . . ... . |
00009380 | .... .. .. .. . . .. . . . .. . ... |
000093C0 | .. ...... . . .. ..... . . .. . ... . . . . |
00009400 | .. .. ... . ..... .. .. .. ... .. . . . . |
00009440 |. .... .. . .... .. ........ . . . |
00009480 | .. ... . .... . . .... .. . ..... ... |
000094C0 |... .. .. .... . ..... .. .. . ... ... . .. .|
00009500 |.. . .. . . . . . . ... .. ..|
00009540 |.. . .... . . . .. ... ... .. .. .. .... . .|
00009580 | . ... .... . .. .. .. .... .. .. . .|
000095C0 |. . . . .. . . . .. ... . . . . . ... .|
00009600 |.... ........ .... .. .. .. .... .. .. . |
00009640 |... . ..... . ... .. .. . .. . . .. |
00009680 | .. .. .. .. . .. ...... .. ... . .. |
000096C0 | .. . .. .... . .. . . .. . . .. .. . .. .|
00009700 |.. ... . . .. . .. . . .... ... . . . .. |
00009740 |.. ... .. .. . .. . .. ... . . . .. .|
00009780 | . ... . .. .... . .. . . ... . . . ...... |
000097C0 | ..... . . . . .. .. .. .. . ... |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 30 of 48

00009800 |.. .. . ..... . . ..... . . . .. .. ... ... .. . .|

00009840 |. ... . . .... .... . ..... . ... ...... ..|
00009880 | .. . .. . . .. . .. . .. .... ... .... |
000098C0 |.... . .. . . ... . ... . . . . ...|
00009900 |.. . .. . .. ... . . .. . .. . . . .. . . .|
00009940 | .. . .. .... .. . . ..... . ... . |
00009980 | . .. .. ... . .. . .. . . . .. . .. . |
000099C0 | . ........ . .. ........ . . . . ....|
00009A00 | . . . . ... .. .. ... . .. . . . .... .. |
00009A40 | ... . . . . . .. . . ..|
00009A80 |.. .... .... . . . . . . . .. . ... ..... .|
00009AC0 | . . .... .. .........|
00009B00 |....... ..... . . . . .. .. . ... .. . . . |
00009B40 |.. . .. . ... . . . ...... . |
00009B80 | . . . . . . . . . .... .. . . |
00009BC0 | . . ... . .... ... . . . .. . .|
00009C00 |. . .. ... ... . . . ... . . .... . . ..|
00009C40 |. ... . ... . . . . .. .. .|
00009C80 | .. ..... . . . . . . .. . . . |
00009CC0 | . . . .. .. . . .... . .. . . |
00009D00 | .. . .. . . .. . . . . . ... ... . . ...|
00009D40 |............ . .. .. . . . ... . ....|
00009D80 |. .. ....... . ... . . . ... |
00009DC0 |. . . . . .... . . .. ... . .. |
00009E00 | . .. . . . . . .. . . . . ... . |
00009E40 |.... . ... . ....... . .... . . . . . .... .. . .... |
00009E80 | . ......... .. . . .. .. . |
00009EC0 |. .. . ... .. . .. ... . .... ..... .. .|
00009F00 | .. ... . .... .. . . . .. .. . . .... .. |
00009F40 | .. .. ... . ... ... ... . .. . |
00009F80 | . . . .... . ..... ... . ... . . . .. ... .. ..|
00009FC0 | .. . . . ... .. . . .. .. . .. .. ... . |
0000A000 |. ..... . .. ..... .. . . .. . .... ... ... |
0000A040 |. . ........ .......... .... ... . . .... |
0000A080 | . .. . .. . . . ... ... .. .. |
0000A0C0 | .... . . . . .. . .. ... . .|
0000A100 |. ..... . . .... . . . . .. . ... .. . . |
0000A140 |. .. ... . .. . . . . . . . .....|
0000A180 | ... ... .. . . . . ... .. ... .. .... .. |
0000A1C0 | . . .. .. .. . . ... . .... .. .... . . |
0000A200 | ... .... .. ... .. . . .. .. ... ... . |
0000A240 | .. . . . . . ... .... .. .. . . ..|
0000A280 | ..... .. .. ... .. . .... . . . ... .. . |
0000A2C0 | . . . .... .... . ................. .. ..... .. |
0000A300 | .. . ... . .. . . .. .. . .... ... . .. |
0000A340 | ... .. .. . . . . . .. . .. . .. |
0000A380 | .. . ... . . . . ... . ...... ......... |
0000A3C0 | ................ .. .. ... .. .. ... . . ..|
0000A400 | . .... . .. . . .. . ... . .. . . . |
0000A440 | .. .. ... .... . . .. ... . .. .. |
0000A480 | .. . . .. .. . . .. .. ... .|
0000A4C0 | . . . .. ... ... . . .... ..... . .. . . .|
0000A500 | . .. .. ....... .. ...... . .... .... . .. |
0000A540 | . ... ... .. ....... .. .. .. . . ...|
0000A580 | .... . . . . . . ... .... . ....... |
0000A5C0 |... . ... . .......... . . . . . . .. . ..... |
0000A600 | . .. .... . . .. . . .. . .. .. . . |
0000A640 | .. ... ... .. . .. .. . .. .. . . . . . |
0000A680 | . .. . ... . . . .. . ... . ..|
0000A6C0 | ... ....... . . . ... . . ... ... ..... ........ |
0000A700 | .... . .. ............ ..... ......... ........ . .|
0000A740 | . . . . . . . .. .... . . . ............ ...|
0000A780 |. .. . ....****************************************|
0000A7C0 |**************************************** . . . . |
0000A800 |... ..... .. ... . . . . .. .... . ... . . . |
0000A840 | .. ........ .... ..... .. . . ..****************|
0000A880 |********************* ...........************************ .*|
0000A8C0 |********************* .... . . . . . . . .****|
0000A900 |****************************************************************|
0000A940 |** ... . . . . ************************|
0000A980 |*************************************************......... ...|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 31 of 48

0000A9C0 |..... .*********************** .... .. . . .********|

0000AA00 |***********....... .************************************** .*|
0000AA40 |********************************************* .... . . .|
0000AA80 | . . . . .********************************************|
0000AAC0 |************************** ... . . . .****************|
0000AB00 |*************************.. ************************* .. .|
0000AB40 |. ... . . ... . . . .. .. .... ... . . |
0000AB80 | . . . ... .. . ... . . . ...... ... .......|
0000ABC0 | .............. . . .. . . . . . . . |
0000AC00 | . . ..... ..... .. . . .... . .. ... ... . |
0000AC40 | .. .. . ..... ... ... . . ... .***********|
0000AC80 |*************************************** ................*****|
0000ACC0 |******************** . .************************************ **|
0000AD00 |******************************************* *****************|
0000AD40 |**** .******************************************* ..........|
0000AD80 |... ***************************************** .............|
0000ADC0 |. ********************* .................******************* ..|
0000AE00 |........... *********************************** ************|
0000AE40 |******* ............... *********************************|
0000AE80 |*** *********************************************************|
0000AEC0 |*********** ........... . . . ... . . .. .. ... . |
0000AF00 | .. .... ... .... .... . .. .. ..... .|
0000AF40 |****************************************************************|
0000AF80 |****************** ..********************** ...... .*******|
0000AFC0 |************ . . ..... . . . ...... ***|
0000B000 |************************** . ... . . |
0000B040 | .. . . .. .. .. .. ... .... ... . . ....|
0000B080 | ..... . ... . . . . . |
0000B0C0 | . ... .... . . . . . . .... .. .... . |
0000B100 | . .... . . ..... . . . ..... . ..... . .. . . ..|
0000B140 |... .***********************************************************|
0000B180 |****************************************************************|
0000B1C0 |****************************************************************|
0000B200 |****************************************************************|
0000B240 |******************************************* ... . . . |
0000B280 |. . .. . ... .... . .********************|
0000B2C0 | .... ..... .. . . ..********************************|
0000B300 |*****.. . . . . .. .. . . . .. . |
0000B340 | . . . . . . .. . ... .. ... . . . |
0000B380 | . . . . . . .... . . ... .|
0000B3C0 | . . . . . . . . . . . . . .|
0000B400 |. . . . ..**************************** ........ .*******|
0000B440 |**************** .... .. . . .************************|
0000B480 |* .************************************** .*****************|
0000B4C0 |***************************** ... .. .. .. .. .. .|
0000B500 | .************************************************************|
0000B540 |********** ... . . . .********************************|
0000B580 |************************************************* ... .. . .. |
0000B5C0 |. . .... .... . . . . . . . . . ..... .. ... |
0000B600 | . .. . .. . ... . . .. .. . |
0000B640 | . . .. . .. . . .. .... ... .... . ...........|
0000B680 |. .. ............ ............... ******|
0000B6C0 |******************** . . . . . |
0000B700 | .. .... . .. ... .. . . . ... . . .... . .. . ....|
0000B740 | . . ... . . ..... .... . .. |
0000B780 |.... ....... ******************************* . .... . |
0000B7C0 |... .. ...... .. ................... .. .... .... .|
0000B800 |....... ... ...... .. ..... . .. . . . |
0000B840 |. ... . .. . ......... ..... ....... . .. ... .... ..|
0000B880 |.....********************* .... .......... .. . ....... ...|
0000B8C0 |... ..... ........ ............. ............... ...... |
0000B900 | . . ..... ...... ... .. ............. ..... ... .....|
0000B940 | . . . . .... . . . . ... . .. . |
0000B980 | . . ... .... . . .... ............... ....... .... |
0000B9C0 | ............ .. . . . . .. . . .... . .|
0000BA00 | .... ... . . . . . . .. . . .. . .. .|
0000BA40 |. . ..... . ... .. . . .. .. |
0000BA80 | .. . . .. ..... . ..... ....... .. ... |
0000BAC0 |............ ..... .. ....... ............... . ...... .. |
0000BB00 | . ... . ... . . . .. ........ .|
0000BB40 | ....... .... .... .............. .. ....... ...........|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 32 of 48

0000BB80 |. ... .... ... .... . .. . .*************|

0000BBC0 |*********************** ............ ... . ... .... .. |
0000BC00 | . .. . .... . ... . .. .... . ..... ..|
0000BC40 | .. ... . .. .... .. ***********************|
0000BC80 | . ...... ........ ... . ....... ... ............ .|
0000BCC0 | . . .. . . . . . . |
0000BD00 |. .. . . . ... . ... . ..... . .. . |
0000BD40 | . . . . .. . . . . . .|
0000BD80 | .. ... . .. . . .. . . . .. .... .....|
0000BDC0 |. . . . .. .. .. ... . . . .. ... . ... |
0000BE00 | . .. .. ... ..********************************* |
0000BE40 | .. .... .. . . . ... .. . ........... .. ***|
0000BE80 |******************* .... ......... ***************** |
0000BEC0 |......... ........ ... ....... .. ....... ....... *|
0000BF00 |********************************************** ........ .. |
0000BF40 | ... .. . . . .... . ... .. ........|
0000BF80 |. ... . .... . .. . ********************** .|
0000BFC0 |.... ..... .... **************************** .. |
0000C000 | ....... . . .. . .. .|
0000C040 |... . .... ... ... ... .. . . ........ . . . .. |
0000C080 | .. . . ... . .... ... . . . . .. ... |
0000C0C0 | . . . . .. . .. ... .. .... . . .. ......|
0000C100 |....... .. ... . .. .. .. .. . .... ... .... .|
0000C140 |.. . ... . .... . . .. . .. .. .. |
0000C180 | .. .******************* ...... ........... ... ........|
0000C1C0 |...... ................ ............ ......***************|
0000C200 |*************************************************************.. |
0000C240 |.. . ... ... .... . . .... .. . . ..|
0000C280 |. .. . .. ..... .. .... . . ... |
0000C2C0 | ... . . . .. . .. .... .... *********|
0000C300 |********************* ...... ..... ....... ......... ...... |
0000C340 | ......... .. . . .. . . ..... . . . .. |
0000C380 | . .. ........ .. .. .. ..... ....... . . ...............|
0000C3C0 |... ...... .. . .. .... . . . . . . |
0000C400 |..... . . ..... .... . . ... . ... . .. ..|
0000C440 | ... .. ...... ... . ... .. . ... . .|
0000C480 | ... ....... .. .. ... . . . . .. . . |
0000C4C0 | .. ... . . . ... .. .... ...... ......|
0000C500 |.... . .... .............. ... ..... ............... ****|
0000C540 |************************ ... .... .. . . . .. .. . |
0000C580 |... .. . .. ...... . .. .. . .... .... |
0000C5C0 | . ... ..... ... . .. ...... .......... ........|
0000C600 | . .. ..************************************ |
0000C640 | .. ....... .. .. .... ... .. .......... ...|
0000C680 |.. .......... ******************** ......... .... ....|
0000C6C0 |......... ... .... ....... .000000000000000000000 ....|
0000C700 |. .. ......... .... . ... .. . . . . .. . |
0000C740 | .. . .. . . . . . ..... . . .. .|
0000C780 | . .. .. . .. .. . . . |
0000C7C0 | .. .......... ..... ..... .......... ....... ..... ....... ...|
0000C800 |. ......... *************************** ********************* .|
0000C840 |..... ********************************* *****************|
0000C880 |***** ********************* ...... .... .... ..........|
0000C8C0 |.... ......... ...... ... . . . .. . .... .. |
0000C900 |... . ..... . ..... .. ..... . ........ .... ...|
0000C940 |............ *************************** ......... *************|
0000C980 |***********.. .. . . . . . . . ... . . .. . ... |
0000C9C0 | . . .. .. . .. . .. ..................... . .|
0000CA00 |....... **************************** ********************.|
0000CA40 |...... ..*******************************************************|
0000CA80 |********************** ****************************** ........ *|
0000CAC0 |**************** ******************************* ....... .. |
0000CB00 | ......... . .*******************************************|
0000CB40 |******** ************************** ....... .... **************|
0000CB80 |*** .. ... ****************************** .... ******|
0000CBC0 |************************************ . . ............. **|
0000CC00 |****************************** ............. ........... .|
0000CC40 | .******************************************* ....... ..|
0000CC80 |..... ....... *****************************.... . |
0000CCC0 | ... . .... .. . .. ... . . . . . .. . .|
0000CD00 | .. .. .......... ****************************************|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 33 of 48

0000CD40 |** ... *****************************************************|

0000CD80 | . .******************************* ... ...... |
0000CDC0 | ................. ......... ........ ....... ........ *******|
0000CE00 |********** ....... ......... ......... ........ ....... ....|
0000CE40 |.... ........... ......... .... ........ ..... . . .|
0000CE80 | .. . ... . .. .. ... . . .. .. |
0000CEC0 | .... ....... .... ...... .... .......... .......... .. |
0000CF00 |........ ........... .. . ...... ..... . . ....|
0000CF40 |... . . .********************************************. . .|
0000CF80 |.******************************** ***************************|
0000CFC0 |*******.............. .. .. ..... . .. . . .|
0000D000 | .. . .... ... . . . . .. .. . . . . .......|
0000D040 | . . . . ... .. ...... . ....... ......|
0000D080 |....... ... . ..... ............ ............. . ... ....|
0000D0C0 |............ . . ... .. .. . . . .....|
0000D100 | . .... . . .. ... ....... .. ....... ...|
0000D140 |. ... ......... . ......................... .... |
0000D180 | . .. . . ... ...********************* .........|
0000D1C0 |.. ........... ............... ***************************|
0000D200 |************************* ****************************** .|
0000D240 |....... .......... ... ... . . .. . . |
0000D280 | . ... . . . . ... . . . . . . .. . .|
0000D2C0 | .. .. . .. ........... .............. ....|
0000D300 |... . ... ..... ... ... . . .. ... .|
0000D340 |. .. . . . . .. .. . . .. . .. . .... . |
0000D380 | ............ ........ .... .. ..... ............ |
0000D3C0 | ....... . . ... ............ ......... ... |
0000D400 | .......... ......... .... ....... ........ ........... .|
0000D440 |..... ****************************************************|
0000D480 |*******..***************** . ... .... . . . . |
0000D4C0 | . ... .. . ... ............ ....... ......... .|
0000D500 | .... .... .... ... ........ .............. ..... ..............|
0000D540 | ... .... .... ............... ............ ******************|
0000D580 |************ ...................... ********************** .....|
0000D5C0 |...... ....... ................ ........ ...... . . |
0000D600 |. . . ... .... .. . . . . .. . . . ..|
0000D640 |. ....... ........ ... ....... .. ..... ...... .... |
0000D680 |.... ...... ...... . . .. ... *********|
0000D6C0 |*********... .. . . . . .. .. ............|
0000D700 |.. ............ ........... ....... ................ ..|
0000D740 |..... ............. ....... ....... .. ...... . ... .. ..|
0000D780 | .. .............. ........... .. .. . ... . |
0000D7C0 | . . .. . .... . .. . . .. ....|
0000D800 |................ .. ........... .. ...... ... .. .. .|
0000D840 |.... ... ............. . .. . ... . . .|
0000D880 | . .. . ... . . ... . ... ... ........|
0000D8C0 |... ....... *********************************** ......|
0000D900 |... **************************** ............... ***********|
0000D940 |****** *********************************************************|
0000D980 |***********************************. ... *********************|
0000D9C0 |********* ....... ....... . ....... .. .. .... .......|
0000DA00 |......... .............. . .. . . .. . . ... |
0000DA40 |. .. .. . .... . ....... .. . .. . ... .. |
0000DA80 | . . . . .. . ... .. . .. . . . . .. . .|
0000DAC0 | ...... . . .. . . ...... .. . ... . . |
0000DB00 | . . . . . ..... . ... . . |
0000DB40 | .. . . ... .. .... ... . . . . . . . . .. . .|
0000DB80 |.............************************ *************************|
0000DBC0 |************************ ... . ... ..... .... ...|
0000DC00 |. ..... ... .... ......... ... ****************|
0000DC40 |****** ....... .... .... ... ... .... .... ....|
0000DC80 | .... ... .... . .. .. . ... . .. ...|
0000DCC0 | . . . .. .. .. ....... .. ....... .......|
0000DD00 |....... ********************* ..... ..... ...... .. |
0000DD40 | . . .. . . . . .. ... . . .. .|
0000DD80 | . ..... ... .. ... .... .. .. ..... . .... . .... .|
0000DDC0 |... ... . .. ... .***************** *****|
0000DE00 |************ ........ ******************* ........ .......|
0000DE40 |... . .. .... . ... . .. ************************|
0000DE80 | . ........... ......... .... . ... ... |
0000DEC0 |.. ... .... ... . ...... .. ..***********|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 34 of 48

0000DF00 |************ ........... . .... ... ....... . |

0000DF40 | . .*************************** *********************|
0000DF80 |******** ******************* ************************ |
0000DFC0 | . ... .. ... . ... . .... .. ... ... .. .......|
0000E000 |... . ........ .. ........ ... .. ... ....... . |
0000E040 | ...... ... . .. ... ....... .... .. ..... ...|
0000E080 |.. ... . . .. .. .. ..... . ..... .... ...|
0000E0C0 |.. ......... . ....... . ....... ........... .... . ..... |
0000E100 |... . . .................. ....... .|
0000E140 |... .. .. .............. ................ ..............|
0000E180 | ********************* . .. ... ... |
0000E1C0 |. ... . ..... . . .. . .. . ..... .|
0000E200 | . .. .. ........ ******************** ******************|
0000E240 |******** ......... .... ................ . . ........ .......|
0000E280 |...... ............ .... ........... ..|
0000E2C0 |...... . .. ... ... . . . .....|
0000E300 | .. . . . . . ... . .. ....... .....*******************|
0000E340 |****************************************************************|
0000E380 |****************************************************************|
0000E3C0 |***** . . ... ... ... . . .... .. . .. .. .. |
0000E400 | . . . . . . . . ....... ...... .........|
0000E440 | .********************************************** ...........|
0000E480 |.... ............ .***************************** ... .**|
0000E4C0 |***************************.. . ... . ... . . . . |
0000E500 |. . . . . . . . ... ... . . ..... ..... |
0000E540 | ........ .************************ ................ .....|
0000E580 |.... ......... . . .... . . . . ... . .|
0000E5C0 | .. .. .. .. .... ................. .......|
0000E600 | .. .. .. .********************* ... .**************|
0000E640 |****************************************************************|
0000E680 |**************************** ... ... ... . .. ...|
0000E6C0 | . .. ... . . . ... ... .. ... ............ .. |
0000E700 | *********************** ........... .......... ..........|
0000E740 |... .***************************** ......... .............|
0000E780 |.. ........... ............ .............. ......... |
0000E7C0 | . . .... ..... . . . . .. |
0000E800 |....... ....... ..... ........... .................. ...|
0000E840 |..... .************************* .******************** .**|
0000E880 |************************** .************************* *******|
0000E8C0 |************************************************** .**********|
0000E900 |******** .*********************************************** .*|
0000E940 |******************************************* *******************|
0000E980 |*********************************** .*************************|
0000E9C0 |***.. . .... ******************* ... . . .|
0000EA00 |.... . . . ..... . .... ... .... ...... .... |
0000EA40 | ..... ... ........ ..... .*******************.........|
0000EA80 |....... ........ . . . . . . ...... ....... .... |
0000EAC0 | ....... . ... . . . ... . .. .. .|
0000EB00 | .. . ... . . ... .... .. .. .. .. .. . |
0000EB40 | . . . . . . ..... . . .. .. .... . . ... . .. .|
0000EB80 | .. . . . .. ... .. . . ... . .. . .|
0000EBC0 | . ... .. ... . ............ . . .. .. . . .. ..|
0000EC00 | .. .. . . ..... . . .. .. . .. .. ........... .. .. |
0000EC40 |... .. .. .. ..... . . ..... . . . .. .. . . .....|
0000EC80 | . .. .......... .... .... .... ..... |
0000ECC0 |. ....... .. .. .. .. . ... .. . . . |
0000ED00 | .... . .. . . . . . . . . . ......|
0000ED40 |.. ... .. ... .......... .............. ........ |
0000ED80 |... .. . . ... . . .... ..... ..|
0000EDC0 | . .... . . . . . . . ..****************** |
0000EE00 | .**************************************************************|
0000EE40 |****************************************************************|
0000EE80 |************************************ .************************|
0000EEC0 |****************************************************************|
0000EF00 |****************************************************************|
0000EF40 |****************************************************************|
0000EF80 |****************************************************************|
0000EFC0 |****************************************************************|
0000F000 |****************************************************************|
0000F040 |****************************************************************|
0000F080 |***************** ........ ..... ................ ..... |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 35 of 48

0000F0C0 |.. . . . . ... . . . . .. . . |

0000F100 | .. . . . . . . .. . . . ... . . . . .|
0000F140 |. . . . . ... . . .. ... .**************************|
0000F180 |********************************************************** .**|
0000F1C0 |****************************************************************|
0000F200 |****************************************************************|
0000F240 |**************************** .******************************|
0000F280 |********************************************* ........ .........|
0000F2C0 | .............****************** ... .....****************** ..|
0000F300 |.... ... ***************************.***********************|
0000F340 |********* ******************************************************|
0000F380 |**...... .... .......... ........... ........... ... ****|
0000F3C0 |****************************************************************|
0000F400 |***** ...... ..... ********************** .... .............|
0000F440 | .************************* ... .....***************** ...... .|
0000F480 |.. ************************************ ....**************|
0000F4C0 |************* ... ...................... . . . |
0000F500 |. .... . . . . . . . . ... . . .... ..|
0000F540 |................ . . .... . .. .. .|
0000F580 | ... .******************************************|
0000F5C0 |****************************************************************|
0000F600 |******************************************** . .. . . . |
0000F640 | ... ............ .. .. .. ...... |
0000F680 | ... .. . .. . ... .. ..*******************************|
0000F6C0 |**** ... ........... ...... *****************************|
0000F700 |****** ........ ************************************ .......|
0000F740 |. ......................... .. ....... . . .*****|
0000F780 |*************** .. . ... .. ......... . . .. .. |
0000F7C0 | . . .. .. . . .... .. . . ..|
0000F800 | . . . . . . .... . .. .. . . ..... |
0000F840 |. ... . .. .********************************* **|
0000F880 |***************************** *********************** ****|
0000F8C0 |********************************** **************************|
0000F900 |**********.... .. .. ... . ... .. . .. . .. . |
0000F940 | . .... . . .***************** .......|
0000F980 |.. .......... **********************************************|
0000F9C0 |****************************************************************|
0000FA00 |***** *************************** ************************|
0000FA40 |****************************************************************|
0000FA80 |*** .............. ..... .... .... ........... ..... ... .|
0000FAC0 |.. .................. ************************************|
0000FB00 |*** ******************************.. . . |
0000FB40 | . . . . . . . ....|
0000FB80 |.. ..... ****************************************** ...........|
0000FBC0 |.. .. ................ .. . .. .. . .... . ... |
0000FC00 |. . . . . . . . .. . . .... .. . ... .|
0000FC40 |. . . . . ... . . .. . . .. .. ... . |
0000FC80 |. . .******************************************************* |
0000FCC0 | ****************** . .............. . ............ . .*********|
0000FD00 |*********************************************** .. .. |
0000FD40 | . . . . . .. . |
0000FD80 | ......... ............. *********************************|
0000FDC0 |** ........ ............... ...... . .. . . ...|
0000FE00 | .. .. .. ......... . ... .. . .. . .... ... ..|
0000FE40 | .. ....... ................ ......... ............ . ..... **|
0000FE80 |****************************************************************|
0000FEC0 |****************************************************************|
0000FF00 |****************************************************************|
0000FF40 |********************************************************* ******|
0000FF80 |*********************************************************** ...|
0000FFC0 |.. ..... ... ...... .... ....|
00010000 | .. .. ... .... .. .. . . *****************|
00010040 |****************************************************************|
00010080 |********* ............... ................*******************|
000100C0 |************** .... . . .. ......... . . .. .. |
00010100 | ...... ..... .. .. ... ........ ....... ***********|
00010140 |*********** .... .. ........ .... . . .. . ... .|
00010180 |.. . ... ... . .. .. ... . ... . . ... . .. .... |
000101C0 |. . . . . .. . . .. .. |
00010200 | . . . ... .... .. . .. ......... ....... .. ...|
00010240 |.......... .... ...... .. . .... .. .. .|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 36 of 48

00010280 |..... ..... .. ....... .... ... .. ..... |

000102C0 | .... .. **************************************************|
00010300 |***** ....... .. .... .... ..... ............... *****|
00010340 |************ . .. . .. .***********************|
00010380 |********************** ........ *****************************|
000103C0 | *********************************** ........ .......... |
00010400 | ............. .......... . .. . . .|
00010440 |. ... . ... . .. . . . ...**********|
00010480 |***********************.............. .... .. .................|
000104C0 | ****************** ...... ............. .. .............. |
00010500 |..... ....... ***************************** ......... ...|
00010540 | ..... ******************************************* ..........|
00010580 | .......... **************************** *************|
000105C0 |****************************************************************|
00010600 |** .............. .............. **********************|
00010640 |*******... .. .. .... .. . .. . .. |
00010680 | . ..... . . . ... .. .. ... .. ... . |
000106C0 | . ...... .. . . ..... .... .. .........|
00010700 |. ... . . ... .... .... ..... . . |
00010740 | .. . . . . ... ... . . . . . .. . |
00010780 |. . ... . . ....... ........ .... ..... ...... .... |
000107C0 | ....... ...... ..... . ... .... ... . . ...|
00010800 | . .. . .. . . . . . . . . ... . .. |
00010840 | ...... ************************* ....... .... ***|
00010880 |****************** .... .... *********************** |
000108C0 |...... . ..... . . ....... . ... .. .. ..|
00010900 |.. ............... ............... . .. ............ |
00010940 | .... ... ....... . .... . . . . |
00010980 | . . . . . . . . . ... .... .. ......|
000109C0 | ...... .... .... .... .. ... ..... .... |
00010A00 | .............. . . ... ..|
00010A40 | .... . ..... .. . ...... .. .. ... ... .|
00010A80 |. .... ... ... .. ... . . ... ... ..... ...|
00010AC0 |.. .... .............. ............... . ..... *|
00010B00 |***************************************** ............ |
00010B40 | ..... ..... .. ... ... .. .. .. ... ..|
00010B80 |. ..... ...... ................ . .. . |
00010BC0 | .. . ............. . ....... ........ .... . |
00010C00 |. .. . ......... .******************************|
00010C40 |************************************** ... ........... ...|
00010C80 |. ********************************** ......... ***************|
00010CC0 |*********.. .. . . ... . . . |
00010D00 | . ... .. .. . . . . . .. ... . .. |
00010D40 | . ...... . ... .. .. .... .. . ... . .. . |
00010D80 | .. ... ...******************** ..... .. **************|
00010DC0 |************ .. ********************* ....... ...........|
00010E00 |.... ............... ............... ............... ...........|
00010E40 |.... ...... ....... . ........ . ..... |
00010E80 | ........ .. . . .. . .. .. . . .. |
00010EC0 | . . . .. ... ... .. . . |
00010F00 | .. . . ...... ... ... .. ..... .|
00010F40 |............... ......... ...... ..... ........ .......|
00010F80 |.... ............ . . . .. . . .. ... . |
00010FC0 | . ..... . .. . .. .......... .. ... |
00011000 |.*********************************** .............. **********|
00011040 |************************ .... .*****************************|
00011080 |*************************************** .*********************|
000110C0 |******************************************** .****************|
00011100 |****************************************************************|
00011140 |****************************************************************|
00011180 |****************************************************************|
000111C0 |*************** .********************* .********************|
00011200 |***************************** ..... .********************** |
00011240 | ......... ............. .*********************************|
00011280 |************************** .************************* *******|
000112C0 |************************** .............. ................ |
00011300 |.***************************** ***************** ...... ..|
00011340 |............ . . ... .. ..... ... .******|
00011380 |************************ ................. .****************|
000113C0 |****************************** .... ....... ......... .**|
00011400 |******************************************** ....... .******|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 37 of 48

00011440 |*********************** .***************** .****************|

00011480 |**************** .************************************** ...|
000114C0 |........ .********************************************* ... |
00011500 | ...... ... . . . ... ...******************|
00011540 |******************************************* ........... ......|
00011580 |.......... .... . . . . .... ... .. . .. |
000115C0 | ... ... .. . . . .. .......... . . .. . . .|
00011600 | ... ... . . .... ... . ... . . .. ... |
00011640 |........... ........ ................ .*******************|
00011680 |**************** ............ .. ******************* ****|
000116C0 |************* ****************** .. .......... .. ...|
00011700 |........ ......... .. .... ........ .............. .|
00011740 |. ............. ....... ........ .... .... |
00011780 | . . ... . ..**********************************|
000117C0 |********************************************************.. . .|
00011800 | . . .. ... . .. . .... ..... . . . .. |
00011840 |.... . ........... ... . . ..... .. |
00011880 |. . .. . ... .. .. . ... . . .. . .. ..|
000118C0 | .... . . .. . . .. . .. . .. . |
00011900 | ......... .... ******************** ............. ..|
00011940 |....... . .... ... .. . . .. . .. |
00011980 | . . . .. . . . . . .... .. .......... ..|
000119C0 |....... ....... ******************************************|
00011A00 |*********** . ... . ... .. . . . ..|
00011A40 | .. . ... . ... . .. . .. . ... ... |
00011A80 | ... .. .. .. . ... ... . . .. |
00011AC0 | . .. ... . . ...... . ... . .. ... .. ... |
00011B00 | . . . .. .. .. .. .. .. . ... ... .. ........|
00011B40 | . . . . ... . . .. ..... |
00011B80 | .. . .. . . . . . . . ... .. .. . . |
00011BC0 |... .. . . .. ... .. . .. ... . ******|
00011C00 |********************** ....... ................ |
00011C40 |............... . ... .......... .. ..... .. ... .. . .. . .|
00011C80 | . . . .. . .. .... .. ...... . . .. . .. ...... .. |
00011CC0 |.. ...... ...... ....... . ... . . . ... . . .. .|
00011D00 | .... .... .. . ... ... ......... ... . . .. .|
00011D40 | . . ... . . . ... ... . ... . .|
00011D80 | ... ..... . .. ... . . .. .. . .. .. . .. . . ..|
00011DC0 | ... . ...... ....... . . ... .... ... ...|
00011E00 |.......... ........................... ... .... ...... |
00011E40 |.......... . ....... .. ...... .. ... ..... ..************|
00011E80 |****** ...... ...... ....... ************************* . |
00011EC0 |... .... .............. ......... **********************|
00011F00 |*********** *********************** ... . .... ..... |
00011F40 |.... . .. .. ............ ............. ....... *********|
00011F80 |******************* .............. ...... ........ ...|
00011FC0 |...... ***************************************** ............|
00012000 |... .......... ....... ..... .. .... ***************|
00012040 |**************************** ... . ....... .. |
00012080 |........ ****************** .. ....... .... .. .. ... |
000120C0 | .. ......... . ......... ..... .......... .. ....|
00012100 |.... ******************** .... .. .. ..... .. .. ... ....|
00012140 | .. .. ......... . ......... ........ ...... .........|
00012180 |....... .............. .... .... ...... . *****************|
000121C0 |* ... ***************** .............. ...... ......|
00012200 |...... ********************** ....... . . |
00012240 | ............. ****************** ......... |
00012280 |......... ****************** ..... . .. .. . ... ..|
000122C0 | . ... . . ... .. . . . . . . .. ..|
00012300 | ....... .. . . . . . . . .. ...... ... |
00012340 | . . ... .. .. ... . ... . .. .|
00012380 |.. .... . . .... . . ...... . . .. .. |
000123C0 |. ... . .. ... ... .. . .. ... |
00012400 |...*************************************************************|
00012440 |****************************************************************|
00012480 |****************************************************************|
000124C0 |****************************************.. . . . ... . |
00012500 |... . .**************************************. .... |
00012540 | .... ....... ......... ********************** .... .|
00012580 |...... .... ............. ...... ..... ...... .... .|
000125C0 | . .. . . .. . .. .. ... ... ....|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 38 of 48

00012600 |.. . . ......................... ................ .... |

00012640 | ............... ..... ............. .............. ....|
00012680 |............ .******************** .************************|
000126C0 |**** .********************* .............. *****************|
00012700 |************************** ............... .****************|
00012740 |****** . .. . . .. . . . . ....|
00012780 |...... *************************** ********************** ..|
000127C0 |. ....... .. ..... .. ..************************** . ...... ..|
00012800 |..... . ................ . .************************************|
00012840 |******************** .. *************************************|
00012880 | . ... ********************** ............... |
000128C0 | ******************************************************|
00012900 |*********************** . . .. .... |
00012940 | .. .. .. . .. .... . . . . . .. . . . ....|
00012980 | . .. .. . . ..... ... .. . ... .... |
000129C0 |. ....... ....... . . .... ....... ... .******************|
00012A00 |****************************************************************|
00012A40 |*************************** ******************* ..........|
00012A80 |..... . . . . . ..*******************************|
00012AC0 |****** . ******************... .|
00012B00 | .. ******************** .... ............. .. . .. . |
00012B40 |.. . .. .....********************************************|
00012B80 |************************************************************* ..|
00012BC0 |............ ..... ......... .. . . . |
00012C00 |.. . ....*************************** ... .. ....... |
00012C40 |. . ... . .. ...... . . . . . . |
00012C80 |. .. . ... ... .. . . . ... . .. .. .. ... .... ... |
00012CC0 | ... ..... .... .......... .... . . . ......|
00012D00 |.... . ...........**************************** ........... |
00012D40 | ..... . . . .. . . .. |
00012D80 | .... .. ..... ... .... ... ....... .. .. ... .. .|
00012DC0 |... .. . .... ..... . ..... . . . ... . |
00012E00 |. . . .... .... ..... ........... ... .. ...... |
00012E40 |.... .... . .. . . . . .......... *******|
00012E80 |********************* ****************************************|
00012EC0 |******......... ....... **********************************|
00012F00 |********** ************************************ ****************|
00012F40 |*************. .. ...... . ... ..*********|
00012F80 |****************************************************************|
00012FC0 |****************************************************************|
00013000 |****************************************************************|
00013040 |*************************************************** ...|
00013080 | .************************************************************|
000130C0 |******************************.......... . .. . . . |
00013100 |. . . . . . . . .. .. .. .|
00013140 | . . . .... . . . . . . .. .. .... . .|
00013180 | . ........ . . .. . . . .... ..... .. .|
000131C0 | . . .. . ... . ... . . ... . . .|
00013200 | . . ... ... . . .. ..... ..... . .. |
00013240 |. ... .. . . .. . .. . ... . .. . . ..|
00013280 | . ... . .. .. .. . .... . . . . .. |
000132C0 | .. .. . . .. ... . ................. ...... *****|
00013300 |************** ............ ***************** .. . ..... |
00013340 |******************* .. ....... ......... ........ ....|
00013380 |...... ........... ... . .......... ...... ...... ****|
000133C0 |***********************************************......... .....|
00013400 |....... ............... .......... ......... ........... ....|
00013440 |......... . ........... **************************** ........|
00013480 |. .... . ........ ................... ..... . ......... ..|
000134C0 |.... ........ ............ . .......... ... ...... |
00013500 | .. . .............. ....... . ...................|
00013540 | . ......... ....********************************************|
00013580 |************************ .. ......... ...... .............|
000135C0 |..... ...... ..... ............ ..**************************|
00013600 |................ ******************************************....|
00013640 |... **********************************************************|
00013680 |*************************** ********************** .*********|
000136C0 |***************************************************** .... ... |
00013700 | ... ........... ...... ............. ..... ...... ....|
00013740 |...... ... .... .. ............ . ........ .... ....... .. |
00013780 | ....... .... ... ..... ............ ....... ..... ......|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 39 of 48

000137C0 |. ............. ..... ... ........ ... . ... . . ... ..|

00013800 | .. . . . . . ..... ............ . ..... |
00013840 | . . . . .. . ...... ..... |
00013880 | . . . .. . .. . . .. .... .. ... .|
000138C0 |. . . ... . . .. .. ... . . |
00013900 | . . . .. . . .. . . ... .... ...|
00013940 | ... ... .. . . .... ..... ****************** ........... |
00013980 |. ... . ... . . . .... ... .. ........... .. ....... |
000139C0 | ... ... ***************** .... .......... ..|
00013A00 | ....... ... ... ......... . .. . . . .......|
00013A40 | .. ......... ..... ............|
00013A80 | ................. ********************* . .... .. .. |
00013AC0 |. . ********************* . .. ..... ...... .. .... .. |
00013B00 |.. .. .... .. .. ... .... ......... .....|
00013B40 |............... ...... . |
00013B80 | ..... ****************************************************|
00013BC0 |********************************* .... ....... ..... .. |
00013C00 | . .. . .. ... . ... .. . . . |
00013C40 |.... . ... . . .. .. . .. .. .|
00013C80 | . . .. . .... . ... ..*************************|
00013CC0 |******************* ********************* ......... .....|
00013D00 |..... ... *********************************** ***********|
00013D40 |*************** ********************************** ...... |
00013D80 | .......... ...... *****************************************|
00013DC0 | ... .... ......************************* ...............|
00013E00 | ................ . . ... .. .. . . .. . . . . .|
00013E40 | .. . .... . . . . .......... ***************|
00013E80 |***** ********************************* ******************* |
00013EC0 | . ... . . . ..... . .... .. .. ...|
00013F00 | . . . . . . ... .. . ... ...... . .. . .. .|
00013F40 |. .. .. .. . . . . . .. . . . ......... .........|
00013F80 |. ***************************..... .......... *****************|
00013FC0 |******************* ******************************** .........|
00014000 |..... .. .. .. ............... *********************************|
00014040 |************************************ ......... .....***********|
00014080 |************ ..... . .............. *************************|
000140C0 |************* ..... ......... ..... .. *************************|
00014100 |**************** ...............*******************************|
00014140 |*************** ......... . . .****************** .|
00014180 |.... .......... ..... .. ******************* ........... ..|
000141C0 |... . ..... .... . ...... .. . . . . .|
00014200 |.. . ... . .. ..... .. . .... ...|
00014240 |.. .. .. . . . .. .. . ....... .......... |
00014280 | . .. . .... . . . . . ... .. . . . .... . . .|
000142C0 |.. .. . . ..... ****************************************|
00014300 | ......... .... ..... ....... ...... ........ ... ..|
00014340 |. . ... .. . . . . ... . . . .. . .. . ...|
00014380 |. .... ..... ******************* .... *************|
000143C0 |********* ............ ........ .. .... ... .|
00014400 |.............. ... ................ . . .. . ..... .|
00014440 |..... . .. ............ .. ..... ... .... .... . .. .|
00014480 | ... . . . . . . . . . . . .. ... . |
000144C0 |.. . .. .. .. . .. . .. ... ....... ..... |
00014500 |..... ......... ........ ......... ... ... ....... ***|
00014540 |************************* ...... . ...... ... ...............|
00014580 |. ....... ............. .. . . . .. .. ... . |
000145C0 | . ... .. .. ... . . . .. . ..... .*******|
00014600 |*********** ********************************** ...........|
00014640 |. ************************************************** ......|
00014680 |....... ................ .................... . ..|
000146C0 | . ..... .. .. . . . . . . . . . .. |
00014700 |.. ... .. .. .. .. .... ... ... ... |
00014740 | ... ... ... ... .. .. . . . ... |
00014780 |.. . . . .. .. . . . . . . .. . .. .. .|
000147C0 | ... . .. . . .. .. .. .... . .. . ... .... |
00014800 |. . . .. . . .. .. . .. |
00014840 | .. ... .. . ..... .. . . .... . . .|
00014880 | . . . .... . . . . .. . . .... . .. |
000148C0 | .... . . . . . .. ......... ... .. |
00014900 | . .. . .. . . .. . .. .. .. . ... . .. |
00014940 | . .... ..... ..... . . .. .. . .. . . . |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 40 of 48

00014980 |.. .. .. ... .. .. .. .. . .. . ... .. |

000149C0 |.. . .. . .. . . .. . ... .. .. . . ...|
00014A00 |. .. .. . . ... .. .. . . ... .. .. . . ... |
00014A40 |.. .. . . ... .... . .. . . |
00014A80 | . . . . . . . ... .. . .|
00014AC0 | ... .. .. . ... .. .. . .. . .. . ... |
00014B00 | .. .. . . .. .. .. .. ... .. .. . . . .. |
00014B40 | .. ... .. .. .. .. .... . ... . |
00014B80 |. .. .. . ... ... .. ... . . . .. ..... . .|
00014BC0 | . .. .. .. .. . . . . . ... . . . .. |
00014C00 |.... . . ... .. .. .. .. . ... . .. . |
00014C40 | . . .. . .. . .. . .. ..... . . . .... .|
00014C80 | . . . .... .. . . .... . . . . ...|
00014CC0 |.. . .. . ... . ... . .. . ... . .. |
00014D00 |. . .. . ... ....... .. .. . .... .. .. .|
00014D40 | .... .. .. . .. . .. .. . ...... . . . .. .|
00014D80 |. .. .... . ... .. .. . .. . ... .. .|
00014DC0 |. .... .. . .... . . .. .. ... . ... . .. |
00014E00 | .. .. . ... . ..... . .... ... . ..|
00014E40 | . . ... . ... .... .. . .. .. .. . .. . . |
00014E80 |.. . . .. . .. . .. . . . . . .. .|
00014EC0 | .. . ... .. . .. . .. .. .. ... .. ... |
00014F00 | .. . .. . ... . . .... . .... .. . .. .... .. |
00014F40 | .. ...... .. . .. . .. . .. . . . .. . . .. |
00014F80 | . ..... ... . .. . .... .. . .. .. .... .|
00014FC0 | .. . .. . ... . .. ... ... |
00015000 | .. . .. . ... . .. . . . ..|
00015040 |.. . ... . .. .. .. .. . . .. .. .. .. . . ... . |
00015080 | .. .. ..... . . . .... . . . .... . .|
000150C0 | . . . .... . . . . .... . . . .... .|
00015100 | . . . . .. ..... . . . .. . . ..... .|
00015140 |.. . . . .. .. . . . . . . . |
00015180 |. . .. . ...... . . ... . .. . .. . |
000151C0 | . ... .. ... . .. . .. . ... . .... ...|
00015200 | . .. .. .... . ... ... . .. . .. . .. . . |
00015240 | ... .. .. . ... .. . .. . .. . . .. . .. .|
00015280 | . . .. .. ... . .... .. ...|
000152C0 |. .. . . .. ... . .. . .. . ... .. . .. ... |
00015300 |.. .. . . ...... . . . .. . . ...|
00015340 | ...... . .. . . .. . . .. . ... .. . .. ..|
00015380 | .. .. .. . .. . .... . .. .|
000153C0 |. . . . . .. . ..................|
00015400 |..00000000000000000000000000000000000000000000000000000000000000|
00015440 |0000000000000000000000000000000000000000000000000000000000000000|
00015480 |0000000000000000000000000000000000000000000000000000000000000000|
000154C0 |0000000000000000000000000000000000000000000000000000000000000000|
00015500 |0000000000000000000000000000000000000000000000000000000000000000|
00015540 |0000000000000000000000000000000000000000000000000000000000000000|
00015580 |0000000000000000000000000000000000000000000000000000000000000000|
000155C0 |0000000000000000000000000000000000000000000000000000000000000000|
00015600 |0000000000000000000000000000000000000000000000000000000000000000|
00015640 |0000000000000000000000000000000000000000000000000000000000000000|
00015680 |0000000000000000000000000000000000000000000000000000000000000000|
000156C0 |0000000000000000000000000000000000000000000000000000000000000000|
00015700 |0000000000000000000000000000000000000000000000000000000000000000|
00015740 |0000000000000000000000000000000000000000000000000000000000000000|
00015780 |0000000000000000000000000000000000000000000000000000000000000000|
000157C0 |0000000000000000000000000000000000000000000000000000000000000000|
00015800 |0000000000000000000000000000000000000000000000000000000000000000|
00015840 |0000000000000000000000000000000000000000000000000000000000000000|
00015880 |0000000000000000000000000000000000000000000000000000000000000000|
000158C0 |0000000000000000000000000000000000000000000000000000000000000000|
00015900 |0000000000000000000000000000000000000000000000000000000000000000|
00015940 |0000000000000000000000000000000000000000000000000000000000000000|
00015980 |0000000000000000000000000000000000000000000000000000000000000000|
000159C0 |0000000000000000000000000000000000000000000000000000000000000000|
00015A00 |0000000000000000000000000000000000000000000000000000000000000000|
00015A40 |0000000000000000000000000000000000000000000000000000000000000000|
00015A80 |0000000000000000000000000000000000000000000000000000000000000000|
00015AC0 |0000000000000000000000000000000000000000000000000000000000000000|
00015B00 |0000000000000000000000000000000000000000000000000000000000000000|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 41 of 48

00015B40 |0000000000000000000000000000000000000000000000000000000000000000|
00015B80 |0000000000000000000000000000000000000000000000000000000000000000|
00015BC0 |0000000000000000000000000000000000000000000000000000000000000000|
00015C00 |0000000000000000000000000000000000000000000000000000000000000000|
00015C40 |0000000000000000000000000000000000000000000000000000000000000000|
00015C80 |0000000000000000000000000000000000000000000000000000000000000000|
00015CC0 |0000000000000000000000000000000000000000000000000000000000000000|
00015D00 |0000000000000000000000000000000000000000000000000000000000000000|
00015D40 |0000000000000000000000000000000000000000000000000000000000000000|
00015D80 |0000000000000000000000000000000000000000000000000000000000000000|
00015DC0 |0000000000000000000000000000000000000000000000000000000000000000|
00015E00 |0000000000000000000000000000000000000000000000000000000000000000|
00015E40 |0000000000000000000000000000000000000000000000000000000000000000|
00015E80 |0000000000000000000000000000000000000000000000000000000000000000|
00015EC0 |0000000000000000000000000000000000000000000000000000000000000000|
00015F00 |0000000000000000000000000000000000000000000000000000000000000000|
00015F40 |0000000000000000000000000000000000000000000000000000000000000000|
00015F80 |0000000000000000000000000000000000000000000000000000000000000000|
00015FC0 |*******00000000000000000000000000000000000000000000000..........|
00016000 | .. .. ... ...... .. .. .. .. ... .. .. ... ... ... ..|
00016040 |. ... . .. ... .. .. . . . .. .. ... . . .. ..|
00016080 | .. . . . . . .. .. . .. .. ... ... .. .. ..|
000160C0 | .. ... .. .. .. .. .. .. .. .. .. .. .. .. .. ..|
00016100 | .. .. .. .... .. .. .. .. .. .. ... .. .. .. .. ..|
00016140 | .. .. .. .. .. .. .. ... ... . . . . . . . .|
00016180 | . . .. . . ...... ... .. ......... .. ... .......|
000161C0 | ... ....... . ...... ... ... ... ... ... ... ... ... .......|
00016200 | ....... ... ... ... ... ... ... ... ... ....... . . . .|
00016240 |.... ......... . . . . . . . . . . ... ... ... ... .. ..|
00016280 | .. .. .. .. ...... .. .. .. . .. ...... |
000162C0 | .... . .. ..... ... . .. .|
00016300 | .. . . . . . ... . . . . . .. . . .|
00016340 | ........... ...... ...... ...... ...... ............ .|
00016380 | ...... . . .. . . . . . . .. . .|
000163C0 | . . . .. .. .. . . . .. . . . . . . ..|
00016400 | . . ... . . . . .. . . . . . . . . . .|
00016440 | .. . . . . . . . . . . ... .|
00016480 | . .. . .................... |
000164C0 | . ..********************************************|
00016500 |****************************************************************|
00016540 |****************************************************************|
00016580 |****************************************************************|
000165C0 |*******************..... . ........... ... . ............ .|
00016600 | . . . ........ . . . ... . ......... . .....|
00016640 |........ ...... . .. ... .. ..... ... .. ..............|
00016680 | ...... . ........ . ..... . .************************|
000166C0 |************************************************...... .... . ..|
00016700 |. .. . . . . . ..... .................. . ..... . .|
00016740 |... ...... . ..... . .. ..... . ..... ...|
00016780 | .. . . .. ... . .... . ....****************************|
000167C0 |**************************************************************..|
00016800 |.... .. ........ ...... .. .... ... . . *************|
00016840 |******************************************************** . .|
00016880 | ... . . ... . . ... .... . . .**************|
000168C0 |****************************************************************|
00016900 |****************************************************************|
00016940 |****************************************************************|
00016980 |****************************************************************|
000169C0 |****************************************************************|
00016A00 |****************************************************************|
00016A40 |****************************************************************|
00016A80 |****************************************************************|
00016AC0 |****************************************************************|
00016B00 |****************************************************************|
00016B40 |**********************************.......... . .............|
00016B80 |..**************************************************************|
00016BC0 |**************** . ..... . . ..*******************|
00016C00 | ..................... ..................... .. . .....|
00016C40 |........ ... ............... . ...... . .................|
00016C80 |.... ............. . . ..... ..................... ... .|
00016CC0 | . ................. ............. ......... ......... |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 42 of 48

00016D00 |........ ................. ............. . . .........|

00016D40 |........ ... ............. . . ...... .....................|
00016D80 | .............. ... .............. . ...... .... .....|
00016DC0 |.................... ..... . .... .. ... . .............|
00016E00 |........ ... . ..... . ... .... ..................... . .|
00016E40 |.... . ..... . ..... . ..... . ..... . ..... . ..... . . ... . .|
00016E80 | . ... ......................... .... ..... . ..... .|
00016EC0 |.... ..... ..... . ... . ..... .....................|
00016F00 |.... . . . .. ..................... . ..... . .. ...|
00016F40 | .......................... ..... ...... ... ... .....|
00016F80 |.................... ..... . . ... .....................|
00016FC0 |.... ..... . ..... . ... . ..... . ..... . . . .... .....|
00017000 |................ ... . . .... ..................... ... .|
00017040 |..... . . ..... .......................... ..... . ....|
00017080 | ......................... .. ... . .....................|
000170C0 |.... . . .... ......................... . ..... .....|
00017100 |.................... ..... ... . ... ............. ......|
00017140 |................ ... ... .................. ...... ... .....|
00017180 |.................... ... ... ..................... .|
000171C0 | ..... ..................... . . ..... .............|
00017200 |........ . ... ......................... . ....|
00017240 | ......................... . . .... .....................|
00017280 | ... . . .... . ......................... . . ...... ....|
000172C0 |.................... . ..... . . .... .....................|
00017300 | . . . ... ......................... .. ... . .....|
00017340 |.................... ..... ..... .. ... .. ... .. ...|
00017380 | ............. . . . . ................|
000173C0 | . . ... ......................... ..... .. ...|
00017400 | . ......................... ..... .. ... . .............|
00017440 |............ .. ... . ......................... .. ...|
00017480 | . . ... ................. ..... ......... ... ..... .|
000174C0 |.... ..... ..... . ... . ... .......... ... ...........|
00017500 |. ................. . ..... .......................... .|
00017540 |.... ... .......................... . . . ... . ... .|
00017580 | ... . ... ..... . .... . . ... .....................|
000175C0 |.... . . .... ......................... . ... ... .....|
00017600 |.................... .. .... ..................... .|
00017640 |.... ..... ... ......................... ..... ... ...|
00017680 | ..................... ..... ... .....................|
000176C0 |..... ... ... ..................... . .... .....|
00017700 |................ . .... . ..................... . .|
00017740 |. .... . ......................... . .... .............|
00017780 |............ ..... ..... ... ......... ............... .|
000177C0 |.... . .... ......................... ..... ..... ...|
00017800 | ......................... ..... ..... . . .... .....|
00017840 |.................... ...... ..... ... .....................|
00017880 |.... ..... . ... . ... . ... . .... ..... . ... .|
000178C0 |.. .... ......................... . . .... .............|
00017900 |............ ..... . . ... . . ... . . ... . . ... . . ... . .|
00017940 | ... . . ... . . ... . ..... . . ... ......................|
00017980 | . ..... . .... ..... . ... ... ... .. ... . . ... . .|
000179C0 |.... . ..... . . .... ......................... ...... .|
00017A00 | .... ......................... ..... . . .... .....|
00017A40 |..................... ..... . .... ......................|
00017A80 |.... ..... . ... . ......................... ..... .|
00017AC0 |.... ... ... ...................... ..... ..... .|
00017B00 |.... . ..... . ..... . ..... . ..... . ....... ..... . . ....|
00017B40 | ......................... . . ... .....................|
00017B80 |...... ..... ... ... ......................... . . . ....|
00017BC0 | ......................... . ..... .... .....................|
00017C00 |.... ..... ... ... ..................... . ..... ...|
00017C40 | ......................... .. .... .....................|
00017C80 | . ..... ..... ... ......................... ..... .|
00017CC0 |.. ... ..................... ..... ... .............|
00017D00 |............ ... ... ..................... ..... .|
00017D40 | ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... ..|
00017D80 | ... .. ... .. . . ... . ......................... ...... .|
00017DC0 | ... ..... . . ... .......................... ..... .|
00017E00 | ... ... ... . ... ... ... ..................... ...|
00017E40 |.... ... ... .... .... ......................... . ..... . .|
00017E80 |.... . ..... . . . ... . ... . ......................... . .|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 43 of 48

00017EC0 |.... . ..... . . ... . . ... . ..... . . ... . . ... . ..... ...|
00017F00 | ... . ..... .. ... . ... ............. ... ... ... .....|
00017F40 |............ . .... ......................... . . ...|
00017F80 | ......................... . ....... . . ... .............|
00017FC0 |............ ..... ..... ..... ............. ... .....|
00018000 |.... ............. ... .......... ............. ... ......|
00018040 | ... . ... . ..... ....... . ...........................|
00018080 | .. .. .... . ..................... .. . . ..... . ......|
000180C0 |.... .. . . ... . . . |
00018100 | ................ ... . .. ... .....................|
00018140 | . ..... . ..... .... ... ..... ... .. .. ..... .|
00018180 |.... . ... 000000000000000000000 . ... .....|
000181C0 |.................... ..... ............. ... ......... .|
00018200 |.... ...... . .......... .. .. .......... .. .. ......|
00018240 |.... .. .. .......... .. .. .......... ...... ..........|
00018280 | ... .. .......... .. .. .......... .. ..................|
000182C0 |.... .. . .. ...... ... .. . .. ... .. .. .. .. ..|
00018300 | .. .. .. .. .. .. .. .. .. .. .. .. ... .. .. ..|
00018340 | .. .. .. ... .. .. .. .. .. .. .. .. .. .. .. ..|
00018380 | .. .. .. .... . .. . .. . . ... . . . . . .|
000183C0 | .. . . .. .. .. . . . . ... . ... ... . .|
00018400 | .. .. .. .. ... .. . . . .. . . . .. . .|
00018440 | . ... ... .. .... . . ....... . ... . .... .. .. .. .. |
00018480 | .. .. ... .... .. ..... ... ... ... ... ... ... ... ... ...|
000184C0 | ........... ....... ... ... ... ... ... ... ........... .. .|
00018500 | ..... ..... . . ... . . . . . .|
00018540 | . . .********************** . . . .. .. . |
00018580 | . . .. ..... .. .. . .. . ....... . .. . .. . . . . |
000185C0 |. .. .... . . . ... .. .. ................. . ..|
00018600 |.. . . . . *********************** *******************....|
00018640 | ******************..... ............. ... .... ... . .. . |
00018680 | . ... . . . . . . ........... ..... . ....... ..... .|
000186C0 |. .. .. .. . ... .... ... .. .... ***********************|
00018700 | . . . . .............. ........ . ... .... . . . . ...|
00018740 |. . .......... .... .. ... .. . . .. . .|
00018780 | ... ... ******************** . .... ... ....... . ... .|
000187C0 |... .. ..... ............ . . . . . . .. . .....|
00018800 |..... ... .. ... ............ ........ . . . . .. .... |
00018840 | .... .. ............... ............. . ..................|
00018880 | ............. .............. . . .... ..... .. *************|
000188C0 |**** .. . . . . . ........... .. . ... ...........|
00018900 | ............. .... . ..... ...... . . .. .. ... .|
00018940 | . . . .. .. .. . . .. . . ...... .. ..... |
00018980 | ... . . . .. ... .. . . ..... . . ........... ..... .|
000189C0 | .... .. . . . . .... . . . . .. ... ... . ...|
00018A00 |. . .. *******************************..... .******************|
00018A40 | . ******************** ............ .......... ..|
00018A80 |............ . .. .. .. ******************* ......... . .. |
00018AC0 |. .. . ... .. . . . ****|
00018B00 |**********************************************.......***********|
00018B40 |****** . .. . ******************************** ...|
00018B80 |..... . . ....***********************************************|
00018BC0 |****.************************************............ .. .. ..|
00018C00 |... . .... ...... . ... .... . ..... . . .... . . .|
00018C40 |. ...... . . ... .. . ....... . ..... . .. ...|
00018C80 | .. . .. ............... .. ...... ... . ... ..|
00018CC0 | . . ... ... ... . . .. .. .. ............000000000|
00018D00 |0000000000000000000000000000000000000000000000000000000000000000|
00018D40 |0000000000000000000000000000000000000000000000000000000000000000|
00018D80 |0000000000000000000000000000000000000000000000000000000000000000|
00018DC0 |0000000000000000000000000000000000000000000000000000000000000000|
00018E00 |0000000000000000000000000000000000000000000000000000000000000000|
00018E40 |0000000000000000000000000000000000000000000000000000000000000000|
00018E80 |0000000000000000000000000000000000000000000000000000000000000000|
00018EC0 |0000000000000000000000000000000000000000000000000000000000000000|
00018F00 |0000000000000000000000000000000000000000000000000000000000000000|
00018F40 |0000000000000000000000000000000000000000000000000000000000000000|
00018F80 |0000000000000000000000000000000000000000000000000000000000000000|
00018FC0 |******0.........................................................|
00019000 |.... .. .. .. .. .. .. .. . . . . . . . . . .....|
00019040 |.... . . . ......... ......... ..... .**********|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 44 of 48

00019080 |************************************************.... ... . |

000190C0 | . . ... .. . . .... . . .. ...... |
00019100 |.... . . . ......... . . . .|
00019140 | . . . . . ..... . . . . . ....|
00019180 |........ . . ......... ...... . . . |
000191C0 |........ ..... . ......... .. ... . . .. ... . . . |
00019200 | ... . . . . . . .. . ..... .... . . . .... |
00019240 | ... . .............. . . ... . . ... . .... . . ..|
00019280 |.... .. . ... .... .... ..... .. ... .. ... |
000192C0 | . ..... .. ... ... .. .********************. *********|
00019300 |******************* . . ................ . ......|
00019340 |........ ... . .... . .. ... .... . .... ...|
00019380 | . .. ...... ........ .. *************************|
000193C0 |***. .. . . . ............... .. .. ....|
00019400 |. ***************************************************. ... ..|
00019440 |. . . . .. .. . .. .... . . . ... |
00019480 |.... . . ........... .. . .. . ... ... . ... |
000194C0 | .... . ... .. . .. .. . .. . . . .. . |
00019500 | .. .. ..... ... .. . ..... . . .. ..... ... |
00019540 |.... .. ... ....... . ... .. . ............ .... ..... |
00019580 | .. . ... . .. ... .. . . . .. .... .|
000195C0 | . . .... . . . ... . .... .. ..... |
00019600 | .. .. ... ... . .. .. . . .. .. .... .|
00019640 | ... . . .... .. .. . . ... . . .. . . .. . .. |
00019680 |..... .. . .. ..... ... .......... .. .... .. .... . .. ....|
000196C0 |.... . . . . ... .... ... . .. .. ..... .. .. . .|
00019700 |. . .. . . ...... . .. . ... ... .. ........ .. . .. . .|
00019740 | .. . ... ... .. ........ .. . . . ... . ...... . ...|
00019780 | .. .... ...... . ... . ... ... ... .... ... . .|
000197C0 | . .. .... . . . .. ... . .. .. . .. . |
00019800 |. . . .. .... .. .. .. . . ..... .. . .. . ... |
00019840 |. ..... . . .. . ...... ... ... . ...... ...|
00019880 |. .. ...... . . . ... .... . .... ... .... .|
000198C0 | ...... ... .... ...... ..... .. ... .. . ... .... |
00019900 | . . . . ..... ... ... .. ... . . |
00019940 |..... .. . . .. .... ....... . . . . . ...|
00019980 |. ........ . . .. ..... . .. ... . . .. . . .|
000199C0 | . . .. .. . .. .. . . .. . . ... . .|
00019A00 | . .. .. .. .. . . . . . . .. ... |
00019A40 | . ... . . ... . . . . . .. .. . . . |
00019A80 | ..... . ... . . ... . ...... ... . .... . |
00019AC0 | . . . . ... .. . . . . .... . .. ... .|
00019B00 | . . . . . .... .. . . . . . .. |
00019B40 | .. .. . . . .. . . . . .. ... . |
00019B80 |.... . ... . .. .. . ..... . . . . . |
00019BC0 |. ... . ..... ... . .. . . . . .. ... |
00019C00 | ... . . .. ... . . .. . .... .... |
00019C40 | . .. ... ... . .|
00019C80 | . . . . . . . . . ....|
00019CC0 | ..... .... .... ...... ..... ... ..... . . .|
00019D00 | . . ... . . .. .. . .... . . . .. |
00019D40 | . .. . ... . .|
00019D80 | . . . . . . .. . . .. . . . . |
00019DC0 |... . . . . . . .... . . .. .. . ... .. .|
00019E00 | . . .. . .. . .... . . . . . . . . . . .|
00019E40 |. .... ... .. . .... .. ....... .. . . . . .|
00019E80 | . . .... ... . .. ..... . . . .. . .... . . .|
00019EC0 |.. . . . . .. .. . . .. .. . .. . .... . . |
00019F00 |. . .. . . .... . . .. . . .. . .... .. . .. . |
00019F40 |.... . . . . ... . ..... . ... . ... ... ............. |
00019F80 |. . .... ...... . .... . ..... . .. ..|
00019FC0 | . ..... . . .... . ..... ... .. ..... ... ..|
0001A000 | . . ..... . . ............. ............|
0001A040 | .. .. .. .. ............... .. .. . . . . .. .|
0001A080 | . . . . . . . . . . . . . . . . . . . . . . .|
0001A0C0 | . . . . . . . . . . . . ... .. .. .. .. .. .. .. .. ..|
0001A100 | .. .. .. .. .. .. . ... ...... ............. .....|
0001A140 | . ............ . ..... . ....... ..............|
0001A180 |................................................................|
0001A1C0 |...............................000000000000000000000000000000000|
0001A200 |0000000000000000000000000000000000000000000000000000000000000000|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 45 of 48

0001A240 |0000000000000000000000000000000000000000000000000000000000000000|
0001A280 |0000000000000000000000000000000000000000000000000000000000000000|
0001A2C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001A300 |0000000000000000000000000000000000000000000000000000000000000000|
0001A340 |0000000000000000000000000000000000000000000000000000000000000000|
0001A380 |*******00000000000000000000000000...............0000000000000000|
0001A3C0 |000000000000................. .............................. .|
0001A400 |............ ............... 000000000000000000000000000000000|
0001A440 |******00000000000...............................................|
0001A480 |........................ . *********************************|
0001A4C0 |****************************************************************|
0001A500 |****************************************************************|
0001A540 |****************************************************************|
0001A580 |********************........ .. . . . . . .........|
0001A5C0 | . . . .********************************************************|
0001A600 |****************************************************************|
0001A640 |****************************************************************|
0001A680 |****************************************************************|
0001A6C0 |****************************************************************|
0001A700 |0000000000000000000000000000000000000000000000000000000000000000|
0001A740 |0000000000000000000000000000000000000000000000000000000000000000|
0001A780 |*******0000000000000000000000000000000000000000000000000000000..|
0001A7C0 |.........................***************************************|
0001A800 |***************************************************. ....... ...|
0001A840 | ... ... .... . ... . ... . .... . ... . .... . ... . .|
0001A880 | ..... . ..... ..... . .... . ... . .... . ... .|
0001A8C0 | .... ..... ..... ..... . ... .|
0001A900 | ... .. ... . ... . .... ....... ...... . ...... .|
0001A940 |................. ........... .. ... 0000000000000000000........|
0001A980 |........................0000000000000000000000000000000000000000|
0001A9C0 |****************************************************************|
0001AA00 |******0000000000000000000000000000000000000000000000000000000000|
0001AA40 |****************************************************************|
0001AA80 |****************************************************************|
0001AAC0 |*******0000000000000000000000000000000000000000000000000 . . .|
0001AB00 |..............................**********************************|
0001AB40 |****************************************************************|
0001AB80 |*************************************... .... ......************|
0001ABC0 |******************** ..... ..... ..... ..... .. ... .|
0001AC00 |.... ..... . . ... . . ... . . ... . . ... . ... . ... .|
0001AC40 | ... . ... . .... . ... ..... .**************************|
0001AC80 |****************************************************************|
0001ACC0 |****************************************************************|
0001AD00 |****************************************************************|
0001AD40 |****************************************************************|
0001AD80 |****************************************************************|
0001ADC0 |*****.........**************************************************|
0001AE00 |********........ ....... . . . . . . . . . . . . . . .|
0001AE40 | .............. ......... ......... ........ |
0001AE80 |..**************************************************************|
0001AEC0 |****************************************************************|
0001AF00 |****************************************************************|
0001AF40 |****************************************************************|
0001AF80 |****************************************************************|
0001AFC0 |****************************************************************|
0001B000 |****************************************************************|
0001B040 |****************************************************************|
0001B080 |****************************************************************|
0001B0C0 |****************************************************************|
0001B100 |****************................................................|
0001B140 |..................0000000000000000000000000000000000000000000000|
0001B180 |0000000000000000000000000000000000000000000000000000000000000000|
0001B1C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B200 |0000000000000000000000000000000000000000000000000000000000000000|
0001B240 |0000000000000000000000000000000000000000000000000000000000000000|
0001B280 |0000000000000000000000000000000000000000000000000000000000000000|
0001B2C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B300 |0000000000000000000000000000000000000000000000000000000000000000|
0001B340 |0000000000000000000000000000000000000000000000000000000000000000|
0001B380 |0000000000000000000000000000000000000000000000000000000000000000|
0001B3C0 |0000000000000000000000000000000000000000000000000000000000000000|
Who Wrote Sobig? Copyright 2003-2004 Authors Page 46 of 48

0001B400 |0000000000000000000000000000000000000000000000000000000000000000|
0001B440 |0000000000000000000000000000000000000000000000000000000000000000|
0001B480 |0000000000000000000000000000000000000000000000000000000000000000|
0001B4C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B500 |0000000000000000000000000000000000000000000000000000000000000000|
0001B540 |0000000000000000000000000000000000000000000000000000000000000000|
0001B580 |0000000000000000000000000000000000000000000000000000000000000000|
0001B5C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B600 |0000000000000000000000000000000000000000000000000000000000000000|
0001B640 |0000000000000000000000000000000000000000000000000000000000000000|
0001B680 |0000000000000000000000000000000000000000000000000000000000000000|
0001B6C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B700 |0000000000000000000000000000000000000000000000000000000000000000|
0001B740 |0000000000000000000000000000000000000000000000000000000000000000|
0001B780 |0000000000000000000000000000000000000000000000000000000000000000|
0001B7C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B800 |0000000000000000000000000000000000000000000000000000000000000000|
0001B840 |0000000000000000000000000000000000000000000000000000000000000000|
0001B880 |0000000000000000000000000000000000000000000000000000000000000000|
0001B8C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001B900 |0000000000000000000000000000000000000000000000000000000000000000|
0001B940 |0000000000000000000000000000000000000000000000000000000000000000|
0001B980 |0000000000000000000000000000000000000000000000000000000000000000|
0001B9C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001BA00 |0000000000000000000000000000000000000000000000000000000000000000|
0001BA40 |0000000000000000000000000000000000000000000000000000000000000000|
0001BA80 |0000000000000000000000000000000000000000000000000000000000000000|
0001BAC0 |0000000000000000000000000000000000000000000000000000000000000000|
0001BB00 |0000000000000000000000000000000000000000000000000000000000000000|
0001BB40 |0000000000000000000000000000000000000000000000000000000000000000|
0001BB80 |0000000000000000000000000000000000000000000000000000000000000000|
0001BBC0 |0000000000000000000000000000000000000000000000000000000000000000|
0001BC00 |0000000000000000000000000000000000000000000000000000000000000000|
0001BC40 |0000000000000000000000000000000000000000000000000000000000000000|
0001BC80 |0000000000000000000000000000000000000000000000000000000000000000|
0001BCC0 |0000000000000000000000000000000000000000000000000000000000000000|
0001BD00 |0000000000000000000000000000000000000000000000000000000000000000|
0001BD40 |0000000000000000000000000000000000000000000000000000000000000000|
0001BD80 |0000000000000000000000000000000000000000000000000000000000000000|
0001BDC0 |0000000000000000000000000000000000000000000000000000000000000000|
0001BE00 |0000000000000000000000000000000000000000000000000000000000000000|
0001BE40 |0000000000000000000000000000000000000000000000000000000000000000|
0001BE80 |0000000000000000000000000000000000000000000000000000000000000000|
0001BEC0 |0000000000000000000000000000000000000000000000000000000000000000|
0001BF00 |0000000000000000000000000000000000000000000000000000000000000000|
0001BF40 |0000000000000000000000000000000000000000000000000000000000000000|
0001BF80 |000000000000000000000000000000000000000000000000000000000000....|
0001BFC0 |*******00000000000000...000000000000000000000000................|
0001C000 |. ..... ...... . ... ... . . . ...... . . |
0001C040 | .. .. .... . .. . ... ......|
0001C080 | ... .. . .. .. ...|
0001C0C0 | ........ . ..... ... . ... . . . . . .. .. |
0001C100 | ... . .... . . .... . . . ... . ... ... .. |
0001C140 | . ... . . . ... . ...... .. .... . . . |
0001C180 |.. .... . .. .. . . .. . . . .... |
0001C1C0 | . .. . . . . . ... . . . . |
0001C200 |... ... . . . . . . . . .... .. |
0001C240 | .. .. . . . .. . . .. . ... . . .. . |
0001C280 | ..... .. ... .... . . . .. ... .. |
0001C2C0 | .. .... ... .... .... .... .... |
0001C300 |..... ... .. .. . ..... . ... .. .|
0001C340 |... .. . . ..... . . . .. ... ..|
0001C380 |. .. .. .... .. . .. .. .. . . ... |
0001C3C0 | . ... . . .... .. . .. .. .. . .. |
0001C400 | ... .. .. .. . . ... .. .... .. . . ....|
0001C440 |.................................................. . .|
0001C480 | . . . . .. . .. . . . .... . |
0001C4C0 | . .. ... .. . . . ... . . .|
0001C500 |. . .. . . . . . |
0001C540 |. . . . . ... . . |
0001C580 | . . . . . . . . . |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 47 of 48

0001C5C0 | . . . ... .. . . |
0001C600 | . . . ... . .|
0001C640 | .. .. . . . . . . . |
0001C680 | .... .. . . . ..... .... .. .. . ..... . |
0001C6C0 | . .. . .... ... . . .. . .. . |
0001C700 | .. . . .. . . .. . . .. .. ... |
0001C740 | . . . . .. . . . . . .. . |
0001C780 | . . . . ... .. . ... ... .|
0001C7C0 |. . ... ... . ... .. . .. .. . . . |
0001C800 | .. . ... ... . ... .. .. .|
0001C840 |... .. . ... .. .... . .. . ... |
0001C880 | . . . . . . . .. . . . ..... ... ... |
0001C8C0 | . . . ... .... . . . . . . .. ...|
0001C900 |. ... ... . . .. . .. .. .. |
0001C940 | . .... .. .. ...... . . ... .|
0001C980 | ... .... ........... . .. . . . .... .... ... .. . |
0001C9C0 | . . . . . .. .... . .. . ... |
0001CA00 | . . . ... . .. ... ....... |
0001CA40 | . .... . . .... . ..... . .. .. |
0001CA80 |.. .. .. . . . . .. . .... .. . |
0001CAC0 | . .. . .. . .. . . .. . .. .. .. ... ... ...|
0001CB00 | .... . . .. .. .. . . . .. . .. .. ... |
0001CB40 | ... . . ... ... .. . . . .. ..... .. .|
0001CB80 |. .. .. . . . .. .. . . ... ... ..|
0001CBC0 | . . . ... . .. . . . ...|
0001CC00 |.. ..... . . .. .. . . .. .. .. . . |
0001CC40 | . .. .. . . . . . . . . .|
0001CC80 | . .. .. . . .. . . . . . ... ...... |
0001CCC0 | . . . . . . .. .. .. . .. |
0001CD00 |... . . . . . . . . . . . |
0001CD40 | . . . . . . . . . . .. |
0001CD80 | . .. .... .. . . |
0001CDC0 | ... . .. . . .. .. . . . .|
0001CE00 | .. . .... . .. . .. .. .. .. . .. .... |
0001CE40 | . .. . . . . . .... . .|
0001CE80 | . .. . . . . . . . |
0001CEC0 | .. .... . ...... . . . . . |
0001CF00 | .. . . . .. . . . . .. ... . |
0001CF40 | . . . ... .. . .|
0001CF80 |. .. . . . . . . . . . .|
0001CFC0 | . . ..... . . . .... ... |
0001D000 | . ... . .. ... . . . |
0001D040 |.. . . . ... . ... ... .. . . ... . .. .|
0001D080 |. .. .. ... ... ... . . . . ..|
0001D0C0 |. . ... . ... . ... .... . ... . ..|
0001D100 | . . . ... . .... . . . .. . . . . ... |
0001D140 | ... . .. . . . . ... .. .. .... . .. . |
0001D180 | ..... .. . ... ... . .. . . |
0001D1C0 | . . . . .. . .. . ... . . ... |
0001D200 | . . . . . . .. . .... . .... ......|
0001D240 |... ... . ... . ... . ... . . . ... .|
0001D280 |.. .. .. .. .. .... ... . . ... ..|
0001D2C0 |. .. . . . . . . .. . . . . . |
0001D300 |... . . .. . .. ... . .. . .. . . |
0001D340 | . .. . . . . . ... . |
0001D380 | . . .. .. . . ... . ... .... .. |
0001D3C0 | .... .. ........ ... . ... .. ... . . |
0001D400 | . .... . . ...... ..... ... . . ... . .|
0001D440 | . . . . ..... . . .. . |
0001D480 |... .... .. . ... . . .. . . . |
0001D4C0 | . . . .. .. . .. .. . . . . . . |
0001D500 |. .. ... ... ... .. ... .. .. ... ... .. ..|
0001D540 |. . .... ... . . . ... . ... .. . . |
0001D580 | ........ ........ ... ......... . . . |
0001D5C0 | . .. ... .. .. ... . . . ... |
0001D600 | . . . .. .. . . . . ...... . . |
0001D640 | . .. . . . . .. . . .. ..... ... . . |
0001D680 |... . . . . . . .. . . .|
0001D6C0 | . ... . . |
0001D700 | . . . . . ... . . . |
0001D740 | . .. . . . . . . .. |
Who Wrote Sobig? Copyright 2003-2004 Authors Page 48 of 48

0001D780 | . . . . . . . . . . |
0001D7C0 | .. . ... . . |
0001D800 | . .. . . . . . . . . . |
0001D840 |. . . . . . . . ... |
0001D880 | . . . . . . . . . |
0001D8C0 | .. .. . . . . .. |
0001D900 | . .... .. ... . . . . . .. . |
0001D940 | . . . . . . |
0001D980 |. . . . . . .. . . ... ..... |
0001D9C0 | . .... .. .. . .. . .. ... |
0001DA00 |. . .. . . ...... .... ... . .. .. |
0001DA40 |.... ... . . .... ... . .. .. .. . |
0001DA80 | . . . . .. . ... .... ..|
0001DAC0 | ..... . ... ... . |
0001DB00 | . . . . ... . . . . . . |
0001DB40 | . . . . .. . ... . .|
0001DB80 | . . . . . .|
0001DBC0 | . ..... .. .. . ... ......... . . .......|
0001DC00 |.. . ..................... ..... ..... ..... .*******|
0001DC40 |**********. .. . ********************** .............|
0001DC80 |.. ..... . . . . . . ... ......... ........... ..|
0001DCC0 |.. .. ............. . .... ..... .. .. ... .. .. ..|
0001DD00 |. .. ........................................................|
0001DD40 |............................ . ... ... ... ... ... ... ... ..|
0001DD80 |. .. .. ... .. .. ... ... ....... .................... ...|
0001DDC0 |..*****00000000000000000000 ...... .. . . ... . . ... . |
0001DE00 |. . .. . ............. . .. ...... . .. . . .... . .....|
0001DE40 |.. .... . .. . . ....... . .. . . . . . . .. . .|
0001DE80 | .. . . .. . . . . . . ....... . . ... . ..... . |
0001DEC0 |... . ... . .. .. . .. .. . .. . . . .... .|
0001DF00 | ...... .. . .. .. ....... . .... . ......... . .. ..|
0001DF40 |. ... . . . . .... . ... ..... ... . . . |
0001DF80 |.. ...............000000000000000000000000000000000000000000|
0001DFC0 |0000000000000000000000000000000000000000000000000000000000000000|
0001E000 |0000000000000000000000000000000000000000000000000000000000000000|
0001E040 |0000000000000000000000000000000000000000000000000000000000000000|
0001E080 |0000000000000000000000000000000000000000000000000000000000000000|
0001E0C0 |0000000000000000000000000000000000000000000000000000000000000000|
0001E100 |0000000000000000000000000000000000000000000000000000000000000000|
0001E140 |0000000000000000000000000000000000000000000000000000000000000000|
0001E180 |00000000000000000000000000000000000000000000000000..............|
0001E1C0 |..0000000000000000000000000000000000...0000000000000000000000000|