Sample details: b16f719f27def752e31254bc68a90721 --

Hashes
MD5: b16f719f27def752e31254bc68a90721
SHA1: b8350d8bc2dac8bab60b908212750d20c2a32269
SHA256: 6292b0ab3be5f82c65b40e7b49d75ec9688077ef1b7e673cda44e52ec4526680
SSDEEP: 6144:io0VbNnyaXKfPWHa4baDJd6n2j8m6MT/X5G65DIxaCa+wYde4g8OIuAuErqqD163:yVXX5baDJd6n2hCxaCanYde4XOIAEGq
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/network_dns | YRP/escalate_priv | YRP/keylogger | YRP/win_mutex | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG | YRP/Str_Win32_Winsock2_Library | FlorianRoth/BTC_Miner_lsass1_chrome_2 |
Source
http://www.eeme7j.win/mule.dll
http://www.eeme7j.win/mule.dll
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$hVPjLh
L$D_^[3
L$L_^[3
uF8C u&
tA;9u2
;x |*;K|u%
T$ 9l$
L$$j=S
D$ SVWj
L$(+L$4
D$PSVW
L$\_^[3
SVWhL'
SVWh|'
3A|3AT3A,3
3Qx3QP3Q(
3AX3A03A
3Ad3A<3A
3Q`3Q83Q
3q\3q43q
3Al3AD3A
3Qh3Q@3Q
3At3AL3A$3
3Qp3QH3Q 3
1y,1qP1yT1qx
1q01qX1
1y41y\1
1q81y<1q`1yd1
3D$$1A
1A@1Ah1
1QD1Ql1
1A 1Q$1QL1Qt1
1AH1Ap1
1Qh#D$
#l$$#\$
A,5Dsp
D$<"8	
i45"8	
T$,3T$<
T$(3T$D
T$(3T$H
T$43T$<
F8_^][
T$83l$
L$83L$$
L$03l$
	D$03t$(
D$03D$
l$,3T$
t$H3\$
t$H3T$
3t$,3|$
	D$83T$(
l$83l$
D$43T$ 3D$
D$D3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
L$ 3t$
t$H3\$
t$H3T$
1\$03L$$
l$P3|$
	D$<3T$(
l$<3l$
D$43T$ 3D$
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$03\$
\$,3t$
l$P3|$
l$<3T$(3l$
D$43T$ 3D$
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$H3T$
l$43l$
D$83T$ 3D$
D$D3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$H3T$
L$<3t$
	D$43T$(
l$43l$
D$83D$
D$D3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
D$`3t$
|$(3\$
L$<3t$
	D$43T$(
l$43l$
D$83D$
D$T3T$ 
L$03L$$
L$<3l$
D$43D$
T$$3l$
|$,3T$
T$83\$
	D$43T$(
l$43l$
D$83T$ 3D$
|$(3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$p3\$
t$p3T$
	D$43T$(
l$43l$
D$83T$ 3D$
D$p3T$ 
L$03L$$
L$p3l$
l$03D$(3l$
t$43t$(
1D$03t$,
\$@3D$$
|$X3D$
|$\;|$\w
D$t3T$ 
D$X3|$@%
|$l;|$lw
|$d3D$
~D$X3G
|$P3t$
D$@3D$
D$L;D$xw
|$p3t$
|$X3D$
|$\;|$\w
D$t3T$ 
D$X3|$@%
|$l;|$lw
|$d3D$
~D$X3G
|$P3t$
D$@3D$
D$L;D$xw
|$p3t$
~L$L3<
~D$t34
~D$434
~D$T34
~\$@34
~D$\3<
~\$L3<
~D$,3<
~D$h34
~D$t34
~D$434
~D$p34
~\$@3<
~\$H3<
~\$L3<
~D$d34
~D$,3<
~D$h34
~D$t34
~\$434
~D$x34
~D$X3<
~\$D3<
~\$H3<
~D$(3<
~D$d34
~D$03<
~D$h34
~\$T34
~D$p34
~\$434
~\$@3<
~D$D3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~D$\3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$$3<
~\$X3<
~D$\3<
~L$L3<
~D$t34
~D$434
~D$T34
~\$@34
~D$\3<
~\$L3<
~D$,3<
~D$h34
~D$t34
~D$434
~D$p34
~\$@3<
~\$H3<
~\$L3<
~D$d34
~D$,3<
~D$h34
~D$t34
~\$434
~D$x34
~D$X3<
~\$D3<
~\$H3<
~D$(3<
~D$d34
~D$03<
~D$h34
~\$T34
~D$p34
~\$434
~\$@3<
~D$D3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~D$\3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$$3<
~\$X3<
~D$\3<
L$<_^][3
D$DjdP
L$49u$
+T$0SW
L$ SWP
S9t$$t$j
j9_j0^;
F<_^][Y
QQSUVW
_^][YY
_^][YY
[_^]YY
@_^][Y
SUVWQQ
H@;A8u
B@;P8u
H@;A8u
B@;P8u
B@;P8u
B@;P8u
B@;P8u
A@;H8u
B@;P8u
SUVWh<)
D$ Qhh
UVWh\*
V$9T$4
D$$APh
D$$UVW
F<_^][
F<_^][
""""""""""""""""""""
"""""""""""""""""""""""""""""""""""""""""""""""""
D$<SUV
f;D$(w
L$L_^][3
D$@SUVW
L$$QVPj 
D$ VQj 
D$0;D$H
G,_^][
y,_^][
{,_^][
@tG9{4u
C49{@u
@tG9{8u
C89{Du
@tG9{<u
C<9{Hu
{,_^][
{,_^][
{,_^][
;_[^]Y
FH^][Y
FH_^][Y
FH_^][
FH_^][
FH_^][
FH_^][
FH_^][
FH_^][
D$lVWj
L$t_^3
GH_^][
GH_^][
L$HQVVVP
D$HPVVV
FH_^][
FH_^][
;FHs6f
Jt>=&'
.t"=}'
HX_^][Y
G<_^][Y
G<_^][Y
G<_^][Y
s(_^][
s(_^][
G<_^][
G<_^][
L$(_^[3
s(_^][Y
s(_^]3
u,_^][
H8;A0u
B8;P0u
H8;A0u
B8;P0u
B8;P0u
B8;P0u
B8;P0u
A8;H0u
B8;P0u
FD;G$wer
F@;G w[
NHPQPQ
s(_^][
s(_^][
G<_^][
G<_^][
G<_^][
D$(][_
D$(][_
D$,	F,3
D$4SUV
s,_^][
D$4;D$8u
L$D_^][3
G<_^][
G<_^][
t$$tjj
F<_^][Y
F<_^][Y
F<_^][Y
D$ Phx
;D$ vH
^,^][Y
{(]_^[
u,_[^]
L$,_^3
^,_^][
^,_^][
uSVh\*
j Uh$ 
_^][YY
_ZY[_[Y
Wj [SUj
@Wj@Uh
L$mWj@j
L$~Wj@j
Wj@^Vj
Wj@Uj B
Wj@[Sj
v	N+D$
Unknown exception
bad allocation
bad array new length
"%s" hash self-test failed.
[01;33mpaused
[0m, press 
[01;35mr
[0m to resume
paused, press 'r' to resume
[01;32mresumed
resumed
Ctrl+C received, exiting
SIGHUP received, exiting
SIGTERM received, exiting
SIGINT received, exiting
vector<T> too long
[01;37m
[01;30m
[%d-%02d-%02d %02d:%02d:%02d]%s %s%s
[%d-%02d-%02d %02d:%02d:%02d] 
{"id":%llu,"jsonrpc":"2.0","method":"submit","params":{"id":"%s","job_id":"%s","nonce":"%s","result":"%s"}}
job_id
target
[%s:%u] duplicate job received, ignore
[%s:%u] getaddrinfo error: "%s"
jsonrpc
method
params
[%s:%u] JSON decode failed: "%s"
result
message
[%s:%u] error: "%s", code: %lld
[%s:%u] unsupported method: "%s"
Unauthenticated
[%s:%u] login error code: %d
{"id":%lld,"jsonrpc":"2.0","method":"keepalived","params":{"id":"%s"}}
[%s:%u] connect error: "%s"
[%s:%u] read error: "%s"
[%s:%u] DNS error: "%s"
[%s:%u] DNS error: "No IPv4 records found"
map/set<T> too long
ambiguous option -- %.*s
option doesn't take an argument -- %.*s
option requires an argument -- %s
unknown option -- %c
Usage: xmrig [OPTIONS]
Options:
  -a, --algo=ALGO       cryptonight (default) or cryptonight-lite
  -o, --url=URL         URL of mining server
  -O, --userpass=U:P    username:password pair for mining server
  -u, --user=USERNAME   username for mining server
  -p, --pass=PASSWORD   password for mining server
  -t, --threads=N       number of miner threads
  -v, --av=N            algorithm variation, 0 auto select
  -k, --keepalive       send keepalived for prevent timeout (need pool support)
  -r, --retries=N       number of times to retry before switch to backup server (default: 5)
  -R, --retry-pause=N   time to pause between retries (default: 5)
      --cpu-affinity    set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
      --no-color        disable colored output
      --donate-level=N  donate level, default 5%% (5 minutes in 100 minutes)
  -B, --background      run the miner in the background
  -c, --config=FILE     load a JSON-format configuration file
  -l, --log-file=FILE   log all output to a file
      --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75)
      --safe            safe adjust threads and av settings for current CPU
      --nicehash        enable nicehash support
      --print-time=N    print hashrate report every N seconds
  -h, --help            display this help and exit
  -V, --version         output version information and exit
unknown option -- %s
option requires an argument -- %c
a:c:khBbfp:Px:r:R:s:t:T:o:u:O:v:Vl:S
Sb*kA?AT?*
0Hx(x`(07
$~Z6ZH6$
tX4Fr.rh.46Aw-wl-6
cB pP0P@0 
&y_5_L5&
.eK9K\9.
2O}+}d+2
k(lD<DP<(
r\8Tl$lp$8W_
>]c!c|!>
:Si'it':'
+"wU3UD3"
-<Zf"fx"<
m,bN:NX:,
~	L#'Q&
)l\^'-
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
:,c|w{
                                
0123456789ABCDEF
0123456789abcdef
%u.%u.%u.%u
0123456789
dev donate started
[01;37muse pool 
[01;36m%s:%d 
[01;30m%s
use pool %s:%d %s
dev donate finished
no active pools, stop mining
[01;31mrejected
[0m (%lld/%lld) diff 
[01;37m%u
[31m"%s"
[01;30m(%llu ms)
rejected (%lld/%lld) diff %u "%s" (%llu ms)
[01;32maccepted
[0m (%lld/%lld) diff 
[01;37m%u
[01;30m(%llu ms)
accepted (%lld/%lld) diff %u (%llu ms)
[01;35mnew job
[0m from 
[01;37m%s:%d
[0m diff 
[01;37m%d
new job from %s:%d diff %d
fee.xmrig.com
.nicehash.com
stratum+tcp://
47fdWqnYJyyWypHfJGpnSvNaejHzWuuv6WG2bZceWfbREJZj4qjBaZPhzV5ttZSQU7joXLbfMG4YPcDxPbtErNk1ENqjvRL
POSIXLY_CORRECT
background
config
cpu-affinity
donate-level
keepalive
log-file
max-cpu-usage
nicehash
no-color
print-time
retries
retry-pause
syslog
threads
userpass
version
colors
cryptonight
cryptonight-lite
config.json
stratum+tcp://xmr.crypto-pool.fr:80
stratum+tcp://xmr.crypto-pool.fr:3333
stratum+tcp://mine.moneropool.com:80
stratum+tcp://mine.moneropool.com:3333
%s: unsupported non-option argument '%s'
No pool URL supplied. Exiting.
%s:%d: %s
Try "xmrig" --help' for more information.
XMRig 2.2.1
 built on Oct 21 2017 with MSVC
 features: i386 AES-NI
libuv/%s
libjansson/%s
cryptonight-light
 MSVC/%d
[01;32m * 
[01;37mVERSIONS:     
[01;36mXMRig/%s
[01;37m libuv/%s%s
 * VERSIONS:     XMRig/%s libuv/%s%s
[01;32menabled
[01;31mdisabled
[01;32mavailable
[01;31munavailable
[01;32m * 
[01;37mHUGE PAGES:   %s, %s
enabled
disabled
available
unavailable
 * HUGE PAGES:   %s, %s
[01;32m
[01;31m-
[01;32m * 
[01;37mCPU:          %s (%d) %sx64 %sAES-NI
[01;32m * 
[01;37mCPU L2/L3:    %.1f MB/%.1f MB
 * CPU:          %s (%d) %sx64 %sAES-NI
 * CPU L2/L3:    %.1f MB/%.1f MB
, affinity=0x%llX
[01;31m
[01;32m * 
[01;37mTHREADS:      
[01;36m%d
[01;37m, %s, av=%d, %sdonate=%d%%%s
 * THREADS:      %d, %s, av=%d, %sdonate=%d%%%s
[01;32m * 
[01;37mPOOL #%d:      
[01;36m%s:%d
 * POOL #%d:      %s:%d
[01;32m * 
[01;37mCOMMANDS:     
[01;35mh
[01;37mashrate, 
[01;35mp
[01;37mause, 
[01;35mr
[01;37mesume
 * COMMANDS:     'h' hashrate, 'p' pause, 'r' resume
%03.1f
[01;37mspeed
[0m 2.5s/60s/15m 
[01;36m%s 
[22;36m%s %s 
[01;36mH/s
[0m max: 
[01;36m%s H/s
speed 2.5s/60s/15m %s %s %s H/s max: %s H/s
list<T> too long
RtlGetVersion
%s/%s (Windows NT %lu.%lu
) libuv/%s
 msvc/%d
\u%04X
\u%04X\u%04X
%s near '%s'
%s near end of file
unable to decode byte 0x%x
premature end of input
unexpected newline
control character 0x%x
invalid escape
invalid Unicode escape '%.6s'
invalid Unicode '\u%04X\u%04X'
invalid Unicode '\u%04X'
too big negative integer
too big integer
real number overflow
string or '}' expected
NUL byte in object key not supported
duplicate object key
':' expected
'}' expected
']' expected
maximum parsing depth reached
\u0000 is not allowed without JSON_ALLOW_NUL
invalid token
unexpected token
'[' or '{' expected
end of file expected
<string>
wrong arguments
<stdin>
<stream>
unable to open %s: %s
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
PostQueuedCompletionStatus
Unknown system error %d
Unknown system error
argument list too long
permission denied
address already in use
address not available
address family not supported
resource temporarily unavailable
temporary failure
bad ai_flags value
invalid value for hints
request canceled
permanent failure
ai_family not supported
out of memory
no address
unknown node or service
argument buffer overflow
resolved protocol is unknown
service not available for socket type
socket type not supported
connection already in progress
bad file descriptor
resource busy or locked
operation canceled
invalid Unicode character
software caused connection abort
connection refused
connection reset by peer
destination address required
file already exists
bad address in system call argument
file too large
host is unreachable
interrupted system call
invalid argument
i/o error
socket is already connected
illegal operation on a directory
too many symbolic links encountered
too many open files
message too long
name too long
network is down
network is unreachable
file table overflow
no buffer space available
no such device
no such file or directory
not enough memory
machine is not on the network
protocol not available
no space left on device
function not implemented
socket is not connected
not a directory
directory not empty
socket operation on non-socket
operation not supported on socket
operation not permitted
broken pipe
protocol error
protocol not supported
protocol wrong type for socket
result too large
read-only file system
cannot send after transport endpoint shutdown
invalid seek
no such process
connection timed out
text file is busy
cross-device link not permitted
unknown error
end of file
no such device or address
too many links
host is down
remote I/O error
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
conout$
uv__malloc
CreateEvent
1.13.2-dev
WaitForSingleObject
ReleaseSemaphore
Unknown error
%s: (%d) %s
(%d) %s
QueueUserWorkItem
UV_THREADPOOL_SIZE
WSAStartup
0.0.0.0
getsockopt
closesocket
socket
ntdll.dll
GetModuleHandleA
RtlNtStatusToDosError
GetProcAddress
NtDeviceIoControlFile
NtQueryInformationFile
NtSetInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryFile
NtQuerySystemInformation
kernel32.dll
SetFileCompletionNotificationModes
CreateSymbolicLinkW
CancelIoEx
InitializeConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
CancelSynchronousIo
GetFinalPathNameByHandleW
powrprof.dll
PowerRegisterSuspendResumeNotification
UnregisterWaitEx
GenuineIntel
AuthenticAMD
CyrixInstead
NexGenDriven
GenuineTMx86
UMC UMC UMC 
CentaurHauls
RiseRiseRise
SiS SiS SiS 
Geode by NSC
Pentium(R) M
Pentium(R) Dual  CPU
Pentium(R) Dual-Core
Pentium(R) D
Genuine Intel(R) CPU
Intel(R) Core(TM)
CPU [N ][23]## 
CPU [ND][45]## 
CPU [ND]#### 
Atom(TM) CPU
Mobile
Celeron
Pentium
Core(TM) [im][357]
[ELXW]75##
[ELXW]55##
[ELXW]56##
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.rsrc$01
.rsrc$02
xmrig.dll
DllEntry
GetAddrInfoW
FreeAddrInfoW
WSARecv
WSASocketW
WSASend
WSAIoctl
WSARecvFrom
WS2_32.dll
GetStdHandle
SetConsoleMode
GetConsoleMode
CreateMutexW
GetLastError
CloseHandle
FreeConsole
GetConsoleWindow
SetThreadAffinityMask
GetCurrentProcess
SetProcessAffinityMask
GetCurrentThread
VirtualFree
VirtualAlloc
LocalAlloc
LocalFree
GetProcAddress
GetModuleHandleW
SwitchToThread
GetCurrentProcessId
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
PostQueuedCompletionStatus
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
DuplicateHandle
QueueUserWorkItem
MultiByteToWideChar
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
SetConsoleCursorPosition
CreateDirectoryW
ReadFile
SetLastError
WriteFile
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
FlushFileBuffers
GetModuleFileNameW
QueryPerformanceFrequency
GetSystemInfo
QueryPerformanceCounter
CancelIo
SetHandleInformation
CreateEventA
TlsSetValue
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
ResumeThread
SetEvent
TlsAlloc
ResetEvent
DeleteCriticalSection
CreateSemaphoreW
CreateSemaphoreA
FormatMessageA
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
GetNamedPipeHandleStateA
ConnectNamedPipe
GetLongPathNameW
ReadDirectoryChangesW
GetModuleHandleA
LoadLibraryA
TerminateProcess
UnregisterWaitEx
GetExitCodeProcess
KERNEL32.dll
ShowWindow
MapVirtualKeyW
USER32.dll
GetTokenInformation
LsaClose
LsaAddAccountRights
LsaOpenPolicy
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
ADVAPI32.dll
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Thrd_yield
_Thrd_sleep
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
MSVCP140.dll
__CxxFrameHandler3
memmove
_purecall
__std_terminate
memchr
strstr
strchr
strrchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
VCRUNTIME140.dll
_invalid_parameter_noinfo_noreturn
_localtime64_s
__stdio_common_vsprintf
_time64
malloc
_strnicmp
calloc
strncpy
strtol
__acrt_iob_func
__stdio_common_vfprintf
strncmp
__p___argv
strtoull
getenv
_dtest
_aligned_free
_aligned_malloc
_dclass
fclose
_strtoi64
_errno
strerror
strtod
localeconv
realloc
_set_invalid_parameter_handler
_get_osfhandle
_lseeki64
__doserrno
_wmkdir
_wrmdir
wcsncpy
_close
_write
wcstombs
_wchmod
__p__fmode
_open_osfhandle
wcsncmp
__stdio_common_vswprintf
_beginthreadex
_wcsnicmp
isdigit
_callnewh
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_strdup
_umask
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
memcpy
_except1
\\?\pipe
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVApp@@
.?AVIConsoleListener@@
.?AVConsoleLog@@
.?AVILogBackend@@
.?AVFileLog@@
.?AVNetwork@@
.?AVIJobResultListener@@
.?AVIStrategyListener@@
.?AVIStrategy@@
.?AVDonateStrategy@@
.?AVIClientListener@@
.?AVFailoverStrategy@@
.?AVSinglePoolStrategy@@
.?AVIWorker@@
.?AVWorker@@
.?AVDoubleWorker@@
.?AVSingleWorker@@
hhh#YYYWUUU
YYYSmmm
ccc7TTT
ZZZ[QQQ
___CQQQ
ccc)PPP
___;NNN
___=NNN
bbb-NNN
ooo)SSS
\\\cLLL
\\\cLLL
\\\cLLL
YYYqWWW
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
^^^aZZZo
\\\3SSSuPPP
SSSq\\\/
SSSwOOO
SSSqkkk
UUUgNNN
\\\KPPP
UUU#OOO
RRRuMMM
PPPwLLL
PPPwLLL
RRR5RRR;LLL
PPPwLLL
RRR;LLL
SSSeRRR5
RRR;QQQa
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0!020J0
2B2_2c2h2
4>5E5S5`5j5q5w5
747>7v7
8>8U8Y8^8i8
:7:?:\:`:d:h:l:
;(;8;@;O;U;j;
<O=a=g=
>D>b>z>
?3?8???F?M?T?{?
)0.0;0
0	1J1z1
122b2u2y2~2
647<7I7Q7u7
7J9P9v9z9
98;b;p;x;
=*=?>E>J>]>i>n>s>
405;5v5/6:6v6H7_7c7h7
72888P8a8o8}8
8-9<9G9T9d9
:#:4:D:M:\:n:y:
;);7;F;M;\;c;t;{;!<,<><H<s<
=1=?=I=`=m=
=3>V>h>s>
9*9f9H:O:
223H3P3
4V9h9'<-<
%020:0f0{0
1Q1W1`1g1
1*232B2
3)3/3c3
3+434R4]4m4
5!545F5K5X5]5
686X6d6~6
8K9Q9s9$:?:
:s;y;u<
0K0[0y0
3;3O3^3
525H5x5
6#696O6U6[6d6j6}6
7F7L7e7k7u7
8'828B8H8W8]8d8h8n8
9#9)939V9h93:A:O:]:k:y:
</<7<a<
<P=W=h=
181<1@1D1H1L1P1T1X1\1`1d1h1
1G3O3h3l3p3t3x3M4^4
5%5>5m5
:%;H;_;
<(</<;<@<I<O<Y<b<q<x<
=*=8=D=N=T=_=x=
> >3>E>L>R>
0"040<0
486>6b6
9/9B9J9o9
:-;N;b;j;:=k=y=
>1>M>n>
$0,01070D0J0S0Y0c0l0r0x0
2&2=2A2F2
31353:3@3M3S3\3d3j3q3w3~3
4$4-434=4I4^4c4
5!5)51575>5G5\5i5w5|5
8B8`8t8|8
;0<5<@<J<
=0=@=\=g=t=
040H0Y0g0
1,1I1W1t1
4*898H8W8
1)1B1J1[1e1w1
>0>9>Z>c>
?"?;?L?]?f?
0&0G0N0o0x0
1 181D1K1T1u1~1
2E2N2f2r2{2
3;3D3s3|3
4?4H4i4r4
5)505C5L5m5v5
6-666W6^6q6z6
8(8;8D8e8n8
9$9-9N9U9h9q9
:!:(:1:P:Y:|:
:";+;C;O;V;];
<!<P<Y<j<}<
=%=F=O=~=
> >)>J>S>t>}>
?4?;?N?W?x?
070@0a0h0{0
8'9.999b9
: :+:Q:
: ;2;=;H;
;,<3<><i<
2*2;2^2e2
7L;S;l;u;
0%0>0O0r0y0
4"5)5\9c9|9
9L=S=l=u=
?$?=?I?W?a?{?
(0<0L0\0p0
?(?6?Q?X?j?
4%4,4:4H4c4j4|4
505=5K5U5n5u5
4,484F4e4r4
719>9J9X9w9
;!;<;K;a;o;
:6:D:R:q:
;&;4;C;Q;n;|;
<,<6<M<T<b<p<
=*=C=V=d=n=
>3>O>h>z>
?-?h?z?
0(060O0]0k0
1)1C1M1[1m1{1
2%2D2O2]2g2
3=3Z3s3
4*4I4X4x4
5%5>5T5b5
6(626@6G6U6f6
717C7M7g7q7
8+8F8_8p8~8
:5:C:Q:o:
;#;*;8;O;Z;s;
<&<8<B<\<f<t<
=5=N=a=o=y=
>$>3>S>p>
?5?C?b?q?
0%000>0O0]0k0
1 1.1H1R1`1k1y1
2#2-2F2Q2_2i2
3K3a3k3
4$424Q4`4
5)575T5b5p5
6.6J6X6g6u6
727E7S7]7t7{7
8,8E8^8p8
979F9g9
:6:D:R:
;#;=;G;U;`;n;
<+<5<N<Y<g<q<
>->;>I>
?$?>?H?V?a?o?
0)090C0\0g0u0
2%2>2L2Z2
3+353O3Y3g3r3
7)7A7K7d7o7}7
868E8^8|8
8	9'999K9Y9x9
:$:/:=:K:i:x:
;(;<;F;_;f;|;
<6<O<a<u<
=/=>=W=r=
> >.><>[>j>
?%?3?A?_?n?|?
0 0+090C0`0g0u0
0!1(1G1Q1j1u1
2<2K2d2
3-3?3Q3_3~3
4.454C4Q4o4~4
5.5B5L5e5l5
6!6<6U6g6{6
757D7]7{7
8%838A8d8s8
9'9.9<9J9h9w9
:):4:B:L:i:p:~:
:';D;P;Z;s;~;
<&<F<a<
=6=H=Z=h=
>7>>>L>Z>x>
?%?7?K?U?n?}?
0-0K0d0v0
1(1G1V1o1
20272E2b2
393@3N3\3z3
454F4T4^4{4
4B5T5`5j5
6(666V6r6
7-7K7]7o7}7
8 828<8Y8`8n8|8
8>9Q9]9g9
;#;1;?;];l;z;
< <.<I<P<a<k<
><>K>Y>g>
?.?5?C?M?f?m?{?
T0r0~0
1!1;1M1
2$222<2X2_2p2~2
>">A>P>p>
?!?>?L?Z?y?
0$020@0c0j0
1&141>1X1b1p1w1
282J2i2}2
283J3j3
5+5=5K5h5v5
6-676Q6[6i6x6
7*7C7V7d7n7
8(8H8b8{8
9$929Q9`9
:%:6:P:j:
;7;A;O;Z;h;
</<@<N<X<r<|<
<2=D=P=Z=s=~=
>!>?>[>
?*?C?Q?_?~?
0,060D0S0a0~0
111?1I1`1g1
2#2@2Y2l2z2
323A3a3{3
4-4;4^4m4
5"505;5I5b5p5~5
6!6/696S6]6k6}6
717;7T7_7m7w7
8!808U8s8
9$929@9_9n9
:(:7:E:b:p:~:
;#;-;D;K;Y;g;
<.<@<T<^<w<~<
=7=U=n=
?%?0?>?W?e?s?
0)070A0[0e0s0~0
091G1S1]1v1
3&313?3X3f3t3
4,474E4O4i4s4
4I5X5d5n5
7)777B7P7i7w7
:	;!;+;D;O;];g;
<%<><\<
=+=9=X=g=
>+>I>X>j>x>
?&???F?\?j?
0/0A0U0_0x0
171R1k1}1
2;2J2i2
3!3?3N3\3j3
4#4@4G4U4c4
5'515J5U5c5m5
6+6D6m6
717?7^7m7
8#818O8^8p8~8
9"9,9E9L9b9p9
:5:G:[:e:~:
;$;=;[;t;
<!<D<S<r<
=*=H=W=e=s=
>">,>I>P>^>l>
?$?0?:?S?^?l?v?
0&0A0l0|0
1(1:1H1g1v1
2,2:2X2g2y2
3+353N3]3k3y3
4+4D4V4j4t4
5'565O5m5
6%6B6e6t6
7 7.7<7Z7i7w7
8&848>8[8b8p8~8
8"949@9J9c9n9|9
:6:R:}:
;+;=;O;];|;
<9<@<N<\<z<
=1===G=`=g=u=
?=?L?Z?h?
0)000A0K0d0k0
0Q1d1x1
2+292G2
3#3-3F3M3[3i3
344R4^4h4
686?6P6^6|6
0(020<0\0
5F6J6N6R6V6Z6^6b6m6
:':N:U:
2:2i2s2z2
4054585<5@5D5H5L5P5T5X5\5`5@7
8(9B9K9`9i9o9
;!<E<K<
>/?E?T?
2A2K2Q2
2:3@3P3U3
7!7'7-73797?7E7K7Q7W7]7c7i7o7u7{7
80858;8A8G8M8S8Y8_8e8k8q8w8}8
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
:!:7:G:h:p:u: ;&;,;4;d;l;r;
>(>1>:>
61666<6B6J6\6a6p6v6
73787K7P7Z7k7s7
8!8-838=8B8G8L8`8i8o8|8
9'9.94999?9
:":=:h:
:.;d;};
<"<=<h<
>6>@>m>
$0<0z0
1$1=1L1V1`1q1
2$272=2G2
364<4F4S4]4n4v4
555E5J5k5
5%6X6q6
7/747B7l7
7P8Y8_8i8
9%9@9F9Y9e9
:%:@:F:Y:e:
;%;@;F;Y;e;;<A<T<`<{<
= =;=A=T=`={=
>*>0>K>Q>^>d>
? ?$?(?,?0?4?8?<?@?D?H?
0!0H0|0
1 111H1N1\1
3q495D5
8&8L8V8d8
9N9X9t9
;;;Q;s;
=&=,=2=
=!>H>N>
0+050r0
1)2G2Q2b2
2:3D3m3{3
5;5[5x5
6O6Y6t6
6%7/7J7X7
404>4s4y4
5 5$5(5,5054585<5@5D5H5L5P5
9>:e:{:
5"5.5M5q5
6+7=7h7
9;9L9t9
:B;P;o;y;
<"=K=q=
60P0q0
151>1J1c1
7d7n7x7
9:9[9f9
92:L:W:
:4;q;~;
?A?e?o?
1%1\1k1
2<2L2b2
4 4$4(4,4044484<4@4D4
4 5J5h5
6)7G7i748^8
9E9O9\9g9
<%</<@<G<M<
80F0K0y0
0)131:1t1
7&7K7l7{7
8$8+878<8H8N8S8Z8m8r8{8
< <$<(<
= =$=(=,=0=4=8=<=@=4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
5!5.565<5
7T8e8v8{8
;#;M;h;
<#<f<v<
?>?O?u?
0	050I0{0
0(1F1P1
2#272Q2
3#3[3u3
545N5i5z5
5	6v6{6
>(>:>D>I>Y>g>l>h?
4;4E4%5
6<6]6q6
7@8N8p8
9$9+91999?9F9S9Y9b9g9m9w9
;$;.;8;<;B;G;Q;Z;a;g;o;s;y;};
<#<(<.<C<W<\<v<
?#?,?2?Y?
494P4[4d4k4
5$5,595A5N5V5c5k5x5
6#6*60676<6B6K6S6]6b6o6t6
4"4*424B4R4b4r4
83898?8E8K8Q8X8_8f8m8t8{8
9:9@9F9L9R9X9_9f9m9t9{9
<,<3<9<K<U<
	0`0x0~0
0/1L1b1l1z1
142=2E2
444<4A4^4
5)5Q5Y5k5w5
6!6'6-63696?6E6K6Q6W6]6c6i6o6u6{6
=&=.=U=^=i=o=u=
>"?B?b?
0:1Q1Z1b1h1~1
44484<4P4T4X4|5
64686<6@6H9p9
: :0:@:`:p:
; ;0;@;P;`;p;
6X7\7d7h7p7t7|7
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:x:|:
l:p:x:
; ;0;4;<;T;d;h;x;|;
<0<@<D<T<X<h<l<
= =4=8=P=`=d=t=x=
>0>@>D>H>`>p>t>
? ?$?8?H?L?P?h?l?
0 080H0L0\0`0d0h0p0x0|0
1,101H1L1P1T1h1l1|1
5<5H5h5p5x5
5(686D6L6
7(7H7P7X7d7
8,808P8p8
,0X0\0`0d0d1|1
2,2H2`2x2
343X3p3