Sample details: 974506503cd935cdce493a8f47c0a3b8 (MD5)

Hashes
MD5: 974506503cd935cdce493a8f47c0a3b8
SHA1: 283794591fdd5ff2841936b706e16124cb836f05
SHA256: 41fd1c757801ccbe924c74ac26539d4e187cc4e1b45f971ac16e1e059809471b
SSDEEP: 12288:/XEhPfaeJnwYgn9nWyAht6bUDHkFqTLB9tstCq:P+PfaeJnw9FWyAht3rT/tstC
Details
File Type: PE32
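Yara Hits (rule names as reported by the scanner; the generic YRP capability rules such as keylogger, escalate_priv and anti_dbg are heuristics, not confirmed behaviour, and should be checked against the imports and strings below)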
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/network_dns | YRP/escalate_priv | YRP/keylogger | YRP/win_mutex | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG | YRP/Str_Win32_Winsock2_Library | FlorianRoth/BTC_Miner_lsass1_chrome_2 |
Source
http://www.eeme7j.win/mule.exe
http://149.255.35.91/mule.exe
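Strings (printable strings extracted from the sample; the readable portion includes the XMRig 2.2.1 usage text, stratum pool URLs, and libuv / jansson library messages)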
		!This program cannot be run in DOS mode.
Richrq>
`.rdata
@.data
@.reloc
D$hVPjLh
L$D_^[3
L$L_^[3
uF8C u&
tA;9u2
;x |*;K|u%
T$ 9l$
L$$j=S
D$ SVWj
L$(+L$4
D$PSVW
L$\_^[3
SVWhlnF
uRhlnF
t#hlnF
3A|3AT3A,3
3Qx3QP3Q(
3AX3A03A
3Ad3A<3A
3Q`3Q83Q
3q\3q43q
3Al3AD3A
3Qh3Q@3Q
3At3AL3A$3
3Qp3QH3Q 3
1y,1qP1yT1qx
1q01qX1
1y41y\1
1q81y<1q`1yd1
3D$$1A
1A@1Ah1
1QD1Ql1
1A 1Q$1QL1Qt1
1AH1Ap1
1Qh#D$
#l$$#\$
A,5Dsp
D$<"8	
i45"8	
T$,3T$<
T$(3T$D
T$(3T$H
T$43T$<
F8_^][
T$83l$
L$83L$$
L$03l$
	D$03t$(
D$03D$
l$,3T$
t$H3\$
t$H3T$
3t$,3|$
	D$83T$(
l$83l$
D$43T$ 3D$
D$D3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
L$ 3t$
t$H3\$
t$H3T$
1\$03L$$
l$P3|$
	D$<3T$(
l$<3l$
D$43T$ 3D$
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$03\$
\$,3t$
l$P3|$
l$<3T$(3l$
D$43T$ 3D$
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$H3T$
l$43l$
D$83T$ 3D$
D$D3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$H3T$
L$<3t$
	D$43T$(
l$43l$
D$83D$
D$D3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
D$`3t$
|$(3\$
L$<3t$
	D$43T$(
l$43l$
D$83D$
D$T3T$ 
L$03L$$
L$<3l$
D$43D$
T$$3l$
|$,3T$
T$83\$
	D$43T$(
l$43l$
D$83T$ 3D$
|$(3T$ 
L$03L$$
L$<3l$
	D$43t$(
D$43D$
t$p3\$
t$p3T$
	D$43T$(
l$43l$
D$83T$ 3D$
D$p3T$ 
L$03L$$
L$p3l$
l$03D$(3l$
t$43t$(
1D$03t$,
\$@3D$$
|$X3D$
|$\;|$\w
D$t3T$ 
D$X3|$@%
|$l;|$lw
|$d3D$
~D$X3G
|$P3t$
D$@3D$
D$L;D$xw
|$p3t$
|$X3D$
|$\;|$\w
D$t3T$ 
D$X3|$@%
|$l;|$lw
|$d3D$
~D$X3G
|$P3t$
D$@3D$
D$L;D$xw
|$p3t$
~L$L3<
~D$t34
~D$434
~D$T34
~\$@34
~D$\3<
~\$L3<
~D$,3<
~D$h34
~D$t34
~D$434
~D$p34
~\$@3<
~\$H3<
~\$L3<
~D$d34
~D$,3<
~D$h34
~D$t34
~\$434
~D$x34
~D$X3<
~\$D3<
~\$H3<
~D$(3<
~D$d34
~D$03<
~D$h34
~\$T34
~D$p34
~\$434
~\$@3<
~D$D3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~D$\3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$$3<
~\$X3<
~D$\3<
~L$L3<
~D$t34
~D$434
~D$T34
~\$@34
~D$\3<
~\$L3<
~D$,3<
~D$h34
~D$t34
~D$434
~D$p34
~\$@3<
~\$H3<
~\$L3<
~D$d34
~D$,3<
~D$h34
~D$t34
~\$434
~D$x34
~D$X3<
~\$D3<
~\$H3<
~D$(3<
~D$d34
~D$03<
~D$h34
~\$T34
~D$p34
~\$434
~\$@3<
~D$D3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$T3<
~\$X3<
~D$\3<
~\$`3<
~\$@3<
~\$H3<
~D$L3<
~\$P3<
~D$$3<
~\$X3<
~D$\3<
L$<_^][3
D$DjdP
L$49u$
+T$0SW
L$ SWP
S9t$$t$j
j9]j0^;
F<_^][Y
QQSUVW
_^][YY
_^][YY
[_^]YY
@_^][Y
SUVWQQ
H@;A8u
B@;P8u
H@;A8u
B@;P8u
B@;P8u
B@;P8u
B@;P8u
A@;H8u
B@;P8u
SUVWh\pF
SWh\pF
SUVh|qF
u6h|qF
V$9T$4
D$$APh
D$$UVW
F<_^][
F<_^][
""""""""""""""""""""
"""""""""""""""""""""""""""""""""""""""""""""""""
D$<SUV
f;D$(w
L$L_^][3
D$@SUVW
L$$QVPj 
D$ VQj 
D$0;D$H
G,_^][
y,_^][
{,_^][
@tG9{4u
C49{@u
@tG9{8u
C89{Du
@tG9{<u
C<9{Hu
{,_^][
{,_^][
{,_^][
;_[^]Y
FH^][Y
FH_^][Y
FH_^][
FH_^][
FH_^][
FH_^][
FH_^][
FH_^][
D$lVWj
L$t_^3
GH_^][
GH_^][
L$HQVVVP
D$HPVVV
FH_^][
FH_^][
D$(f9:tJ
Jt>=&'
.t"=}'
HX_^][Y
G<_^][Y
G<_^][Y
G<_^][Y
s(_^][
s(_^][
G<_^][
G<_^][
L$(_^[3
s(_^][Y
s(_^]3
u,_^][
H8;A0u
B8;P0u
H8;A0u
B8;P0u
B8;P0u
B8;P0u
B8;P0u
A8;H0u
B8;P0u
FD;G$wer
F@;G w[
NHPQPQ
s(_^][
s(_^][
G<_^][
G<_^][
G<_^][
D$(][_
D$(][_
D$,	F,3
D$4SUV
s,_^][
D$4;D$8u
L$D_^][3
G<_^][
G<_^][
t$$tjj
F<_^][Y
F<_^][Y
F<_^][Y
D$ Phx
;D$ vH
},_^][
{(]_^[
u,_[^]
L$,_^3
^,_^][
^,_^][
F;54rF
uSVh|qF
j Uh$ 
_^][YY
_ZY[_[Y
Wj [SUj
@Wj@Uh
L$mWj@j
L$~Wj@j
Wj@^Vj
Wj@Uj B
Wj@[Sj
v	N+D$
QQSVWd
t.h(ZE
URPQQh
;t$,v-
UQPXY]Y[
F4_^[]
Tt1jhZ;
^$+^8+
^$+^8+
t	j-Xf
N2jx_f;
~$+~8+
F2jgYf;
u0jAXf;
u0jAXf;
<xt"<Xt
v!j"X_^[
<et	<pu
rr	jrZ
rr	jrZ
QQSWj0j@
(HXt9f
PVSQSWV
YYh<SE
< t1<	t-
QSSSSj
SSPQSS
u kE$<
Wj0XPS
>=upF8
SSSPSW
u-PSSW
SSVWh 
f9:t!V
tl=pQF
PPPPPWS
PP9E u:PPVWP
rr	jrZ
rr	jrZ
PPPPPPPP
v	N+D$
Unknown exception
bad allocation
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreW
CreateSemaphoreExW
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleEx
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
InitializeSRWLock
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
bad array new length
SchedulerKind
MaxConcurrency
MinConcurrency
TargetOversubscriptionFactor
LocalContextCacheSize
ContextStackSize
ContextPriority
SchedulingProtocol
DynamicProgressFeedback
WinRTInitialization
MaxPolicyElementKey
RoInitialize
RoUninitialize
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
operator co_await
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
Visual C++ CRT: Not enough memory to complete call to strerror.
[aOni*{
~ $s%r
@b;zO]
v2!L.2
IND)ind)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
AreFileApisANSI
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
AppPolicyGetThreadInitializationType
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UTF-16LEUNICODE
No error
Operation not permitted
No such file or directory
No such process
Interrupted function call
Input/output error
No such device or address
Arg list too long
Exec format error
Bad file descriptor
No child processes
Resource temporarily unavailable
Not enough space
Permission denied
Bad address
Resource device
File exists
Improper link
No such device
Not a directory
Is a directory
Invalid argument
Too many open files in system
Too many open files
Inappropriate I/O control operation
File too large
No space left on device
Invalid seek
Read-only file system
Too many links
Broken pipe
Domain error
Result too large
Resource deadlock avoided
Filename too long
No locks available
Function not implemented
Directory not empty
Illegal byte sequence
1#QNAN
1#SNAN
<8bunz8
l,kg<i
<@En[vP
_hypot
_nextafter
?5Wg4p
"B <1=
device or resource busy
resource deadlock would occur
resource unavailable try again
address in use
already connected
argument out of domain
bad address
bad message
connection aborted
connection reset
cross device link
executable format error
file exists
filename too long
function not supported
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
not a socket
not a stream
not connected
not supported
operation in progress
operation not supported
operation would block
owner dead
read only file system
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many symbolic link levels
value too large
wrong protocol type
"%s" hash self-test failed.
[01;33mpaused
[0m, press 
[01;35mr
[0m to resume
paused, press 'r' to resume
[01;32mresumed
resumed
Ctrl+C received, exiting
SIGHUP received, exiting
SIGTERM received, exiting
SIGINT received, exiting
vector<T> too long
[01;37m
[01;30m
[%d-%02d-%02d %02d:%02d:%02d]%s %s%s
[%d-%02d-%02d %02d:%02d:%02d] 
{"id":%llu,"jsonrpc":"2.0","method":"submit","params":{"id":"%s","job_id":"%s","nonce":"%s","result":"%s"}}
job_id
target
[%s:%u] duplicate job received, ignore
[%s:%u] getaddrinfo error: "%s"
jsonrpc
method
params
[%s:%u] JSON decode failed: "%s"
result
message
[%s:%u] error: "%s", code: %lld
[%s:%u] unsupported method: "%s"
Unauthenticated
[%s:%u] login error code: %d
{"id":%lld,"jsonrpc":"2.0","method":"keepalived","params":{"id":"%s"}}
[%s:%u] connect error: "%s"
[%s:%u] read error: "%s"
[%s:%u] DNS error: "%s"
[%s:%u] DNS error: "No IPv4 records found"
map/set<T> too long
ambiguous option -- %.*s
option doesn't take an argument -- %.*s
option requires an argument -- %s
unknown option -- %c
Usage: xmrig [OPTIONS]
Options:
  -a, --algo=ALGO       cryptonight (default) or cryptonight-lite
  -o, --url=URL         URL of mining server
  -O, --userpass=U:P    username:password pair for mining server
  -u, --user=USERNAME   username for mining server
  -p, --pass=PASSWORD   password for mining server
  -t, --threads=N       number of miner threads
  -v, --av=N            algorithm variation, 0 auto select
  -k, --keepalive       send keepalived for prevent timeout (need pool support)
  -r, --retries=N       number of times to retry before switch to backup server (default: 5)
  -R, --retry-pause=N   time to pause between retries (default: 5)
      --cpu-affinity    set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
      --no-color        disable colored output
      --donate-level=N  donate level, default 5%% (5 minutes in 100 minutes)
  -B, --background      run the miner in the background
  -c, --config=FILE     load a JSON-format configuration file
  -l, --log-file=FILE   log all output to a file
      --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75)
      --safe            safe adjust threads and av settings for current CPU
      --nicehash        enable nicehash support
      --print-time=N    print hashrate report every N seconds
  -h, --help            display this help and exit
  -V, --version         output version information and exit
unknown option -- %s
option requires an argument -- %c
a:c:khBbfp:Px:r:R:s:t:T:o:u:O:v:Vl:S
Sb*kA?AT?*
0Hx(x`(07
$~Z6ZH6$
tX4Fr.rh.46Aw-wl-6
cB pP0P@0 
&y_5_L5&
.eK9K\9.
2O}+}d+2
k(lD<DP<(
r\8Tl$lp$8W_
>]c!c|!>
:Si'it':'
+"wU3UD3"
-<Zf"fx"<
m,bN:NX:,
~	L#'Q&
)l\^'-
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
:,c|w{
                                
0123456789ABCDEF
0123456789abcdef
%u.%u.%u.%u
0123456789
dev donate started
[01;37muse pool 
[01;36m%s:%d 
[01;30m%s
use pool %s:%d %s
dev donate finished
no active pools, stop mining
[01;31mrejected
[0m (%lld/%lld) diff 
[01;37m%u
[31m"%s"
[01;30m(%llu ms)
rejected (%lld/%lld) diff %u "%s" (%llu ms)
[01;32maccepted
[0m (%lld/%lld) diff 
[01;37m%u
[01;30m(%llu ms)
accepted (%lld/%lld) diff %u (%llu ms)
[01;35mnew job
[0m from 
[01;37m%s:%d
[0m diff 
[01;37m%d
new job from %s:%d diff %d
fee.xmrig.com
.nicehash.com
stratum+tcp://
47fdWqnYJyyWypHfJGpnSvNaejHzWuuv6WG2bZceWfbREJZj4qjBaZPhzV5ttZSQU7joXLbfMG4YPcDxPbtErNk1ENqjvRL
POSIXLY_CORRECT
background
config
cpu-affinity
donate-level
keepalive
log-file
max-cpu-usage
nicehash
no-color
print-time
retries
retry-pause
syslog
threads
userpass
version
colors
cryptonight
cryptonight-lite
config.json
stratum+tcp://xmr.crypto-pool.fr:80
stratum+tcp://xmr.crypto-pool.fr:3333
stratum+tcp://mine.moneropool.com:80
stratum+tcp://mine.moneropool.com:3333
%s: unsupported non-option argument '%s'
No pool URL supplied. Exiting.
%s:%d: %s
Try "xmrig" --help' for more information.
XMRig 2.2.1
 built on Oct 21 2017 with MSVC
 features: i386 AES-NI
libuv/%s
libjansson/%s
cryptonight-light
 MSVC/%d
[01;32m * 
[01;37mVERSIONS:     
[01;36mXMRig/%s
[01;37m libuv/%s%s
 * VERSIONS:     XMRig/%s libuv/%s%s
[01;32menabled
[01;31mdisabled
[01;32mavailable
[01;31munavailable
[01;32m * 
[01;37mHUGE PAGES:   %s, %s
enabled
disabled
available
unavailable
 * HUGE PAGES:   %s, %s
[01;32m
[01;31m-
[01;32m * 
[01;37mCPU:          %s (%d) %sx64 %sAES-NI
[01;32m * 
[01;37mCPU L2/L3:    %.1f MB/%.1f MB
 * CPU:          %s (%d) %sx64 %sAES-NI
 * CPU L2/L3:    %.1f MB/%.1f MB
, affinity=0x%llX
[01;31m
[01;32m * 
[01;37mTHREADS:      
[01;36m%d
[01;37m, %s, av=%d, %sdonate=%d%%%s
 * THREADS:      %d, %s, av=%d, %sdonate=%d%%%s
[01;32m * 
[01;37mPOOL #%d:      
[01;36m%s:%d
 * POOL #%d:      %s:%d
[01;32m * 
[01;37mCOMMANDS:     
[01;35mh
[01;37mashrate, 
[01;35mp
[01;37mause, 
[01;35mr
[01;37mesume
 * COMMANDS:     'h' hashrate, 'p' pause, 'r' resume
%03.1f
[01;37mspeed
[0m 2.5s/60s/15m 
[01;36m%s 
[22;36m%s %s 
[01;36mH/s
[0m max: 
[01;36m%s H/s
speed 2.5s/60s/15m %s %s %s H/s max: %s H/s
list<T> too long
RtlGetVersion
%s/%s (Windows NT %lu.%lu
) libuv/%s
 msvc/%d
\u%04X
\u%04X\u%04X
%s near '%s'
%s near end of file
unable to decode byte 0x%x
premature end of input
unexpected newline
control character 0x%x
invalid escape
invalid Unicode escape '%.6s'
invalid Unicode '\u%04X\u%04X'
invalid Unicode '\u%04X'
too big negative integer
too big integer
real number overflow
string or '}' expected
NUL byte in object key not supported
duplicate object key
':' expected
'}' expected
']' expected
maximum parsing depth reached
\u0000 is not allowed without JSON_ALLOW_NUL
invalid token
unexpected token
'[' or '{' expected
end of file expected
<string>
wrong arguments
<stdin>
<stream>
unable to open %s: %s
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
PostQueuedCompletionStatus
Unknown system error %d
Unknown system error
argument list too long
permission denied
address already in use
address not available
address family not supported
resource temporarily unavailable
temporary failure
bad ai_flags value
invalid value for hints
request canceled
permanent failure
ai_family not supported
out of memory
no address
unknown node or service
argument buffer overflow
resolved protocol is unknown
service not available for socket type
socket type not supported
connection already in progress
bad file descriptor
resource busy or locked
operation canceled
invalid Unicode character
software caused connection abort
connection refused
connection reset by peer
destination address required
file already exists
bad address in system call argument
file too large
host is unreachable
interrupted system call
invalid argument
i/o error
socket is already connected
illegal operation on a directory
too many symbolic links encountered
too many open files
message too long
name too long
network is down
network is unreachable
file table overflow
no buffer space available
no such device
no such file or directory
not enough memory
machine is not on the network
protocol not available
no space left on device
function not implemented
socket is not connected
not a directory
directory not empty
socket operation on non-socket
operation not supported on socket
operation not permitted
broken pipe
protocol error
protocol not supported
protocol wrong type for socket
result too large
read-only file system
cannot send after transport endpoint shutdown
invalid seek
no such process
connection timed out
text file is busy
cross-device link not permitted
unknown error
end of file
no such device or address
too many links
host is down
remote I/O error
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
conout$
uv__malloc
CreateEvent
1.13.2-dev
WaitForSingleObject
ReleaseSemaphore
Unknown error
%s: (%d) %s
(%d) %s
QueueUserWorkItem
UV_THREADPOOL_SIZE
WSAStartup
0.0.0.0
getsockopt
closesocket
socket
ntdll.dll
GetModuleHandleA
RtlNtStatusToDosError
GetProcAddress
NtDeviceIoControlFile
NtQueryInformationFile
NtSetInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryFile
NtQuerySystemInformation
kernel32.dll
SetFileCompletionNotificationModes
CreateSymbolicLinkW
CancelIoEx
InitializeConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
CancelSynchronousIo
GetFinalPathNameByHandleW
powrprof.dll
PowerRegisterSuspendResumeNotification
UnregisterWaitEx
GenuineIntel
AuthenticAMD
CyrixInstead
NexGenDriven
GenuineTMx86
UMC UMC UMC 
CentaurHauls
RiseRiseRise
SiS SiS SiS 
Geode by NSC
Pentium(R) M
Pentium(R) Dual  CPU
Pentium(R) Dual-Core
Pentium(R) D
Genuine Intel(R) CPU
Intel(R) Core(TM)
CPU [N ][23]## 
CPU [ND][45]## 
CPU [ND]#### 
Atom(TM) CPU
Mobile
Celeron
Pentium
Core(TM) [im][357]
[ELXW]75##
[ELXW]55##
[ELXW]56##
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPB
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.rsrc$01
.rsrc$02
GetAddrInfoW
FreeAddrInfoW
WSARecv
WSASocketW
WSASend
WSAIoctl
WSARecvFrom
WS2_32.dll
GetStdHandle
SetConsoleMode
GetConsoleMode
CreateMutexW
GetLastError
CloseHandle
FreeConsole
GetConsoleWindow
SetThreadAffinityMask
GetCurrentProcess
SetProcessAffinityMask
GetCurrentThread
VirtualFree
VirtualAlloc
LocalAlloc
LocalFree
GetProcAddress
GetModuleHandleW
SwitchToThread
GetCurrentProcessId
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
PostQueuedCompletionStatus
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
DuplicateHandle
QueueUserWorkItem
MultiByteToWideChar
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
SetConsoleCursorPosition
GetFileType
CreateDirectoryW
ReadFile
SetLastError
WriteFile
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
FlushFileBuffers
GetModuleFileNameW
QueryPerformanceFrequency
GetSystemInfo
QueryPerformanceCounter
CancelIo
SetHandleInformation
CreateEventA
TlsSetValue
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
ResumeThread
SetEvent
TlsAlloc
ResetEvent
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
CreateSemaphoreA
FormatMessageA
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
GetNamedPipeHandleStateA
ConnectNamedPipe
GetLongPathNameW
ReadDirectoryChangesW
GetModuleHandleA
LoadLibraryA
TerminateProcess
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
GetStartupInfoW
KERNEL32.dll
ShowWindow
MapVirtualKeyW
USER32.dll
GetTokenInformation
LsaClose
LsaAddAccountRights
LsaOpenPolicy
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
ADVAPI32.dll
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateThread
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
RtlUnwind
RaiseException
GetCommandLineA
GetCommandLineW
SetStdHandle
GetConsoleCP
GetFileAttributesExW
SetFileAttributesW
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
GetACP
GetTimeZoneInformation
CompareStringW
HeapReAlloc
HeapSize
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStringTypeW
DecodePointer
SetEndOfFile
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
\\?\pipe
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AV_Ref_count_base@std@@
.?AV?$_Ref_count_obj_alloc@V__ExceptionPtr@@U?$_StaticAllocator@H@@@std@@
.?AV?$_Ref_count_obj@V__ExceptionPtr@@@std@@
.?AVApp@@
.?AVIConsoleListener@@
.?AVConsoleLog@@
.?AVILogBackend@@
.?AVFileLog@@
.?AVNetwork@@
.?AVIJobResultListener@@
.?AVIStrategyListener@@
.?AVIStrategy@@
.?AVDonateStrategy@@
.?AVIClientListener@@
.?AVFailoverStrategy@@
.?AVSinglePoolStrategy@@
.?AVIWorker@@
.?AVWorker@@
.?AVDoubleWorker@@
.?AVSingleWorker@@
hhh#YYYWUUU
YYYSmmm
ccc7TTT
ZZZ[QQQ
___CQQQ
ccc)PPP
___;NNN
___=NNN
bbb-NNN
ooo)SSS
\\\cLLL
\\\cLLL
\\\cLLL
YYYqWWW
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
\\\cLLL
^^^aZZZo
\\\3SSSuPPP
SSSq\\\/
SSSwOOO
SSSqkkk
UUUgNNN
\\\KPPP
UUU#OOO
RRRuMMM
PPPwLLL
PPPwLLL
RRR5RRR;LLL
PPPwLLL
RRR;LLL
SSSeRRR5
RRR;QQQa
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0!0-070C0W0b0h0n0t0
0&1A1s1
2C2\2v2
2;3A3X3\3a3
444J4N4S4
4-5;5]5y5
6:6C6J6
6/757;7s7z7
898E8_8i8
9!9&9G9W9]9y9
:.:3:C:Q:^:e:r:
<(<M<Q<W<
0C0t0x0|0
?#?G?s?{?
0'121|1:2E2
9"91989E9L9
;2;:;d;
1;1C1p1
6%6f6-787v7
8/979V9h9
>+?a?f?
1%2C2G2L2
0*0R0j0
1'1-1u1
232<2O2
3H4O4^4i4
4*51595I5O5c5h5p5z5
6B6J6U6`6
7"7:7b7z7
9"9&9+9
=0=8=C=N=
2G2f2p2y2
494D4L4R4Z4`4
5'515C5W5]5
6%646J6P6X6^6d6v6
7%707A7Z7^7d7
8!8'8+8I8S8f8j8z8
9"9(9H9O9_9c9w9}9
;(;P;^;
1G1l1p1t1x1|1
1$2+2w3
5/5c5p5
<(</<;<@<I<O<Y<b<q<x<
=*=8=D=N=T=_=x=
> >3>E>L>R>
 020:0
9/9B9J9o9
;>;R;Z;*=[=i=
=!>=>^>r>
0!0'040:0C0I0S0\0b0h0u0{0
2-21262
3!3%3*303=3C3L3T3Z3a3g3n3x3
4#4-494N4S4
5#5,5A5N5[5f5k5
828P8d8l8r8
<	=O=t=
>->7>@>H>
0#0@0N0k0y0
181F1c1q1
2 2.2?2[2
1"1;1I1U1]1
>$>+>2>;>\>e>
>+?4?Q?X?_?h?
0!0*0Y0b0z0
1%1.1O1X1
2)222S2\2}2
3=3D3W3`3
4 4A4J4k4r4
5.5>5E5N5o5x5
6;6B6_6h6s6|6
757>7	8
8*868=8F8g8p8
969?9W9c9l9s9
:,:5:d:m:
;0;9;Z;c;
<!<4<=<^<g<
='=H=O=b=k=
>">+>L>U>v>}>
?%?<?E?P?Y?z?
0I0R0i0r0}0
8#9*959^9
<0`0q0V2_2x2
7,757N7_7
5#5<5E5^5o5
070E0S0
3!3I3e3
?&?E?R?`?j?
4*484W4d4r4|4
5Z5g5s5
6+6A6O6
5(565Q5X5j5
:%:,:::H:c:j:|:
;0;=;K;U;n;u;
:0:::T:^:l:{:
;*;C;V;d;n;
<(<H<b<{<
=$=2=Q=`=
>%>6>D>R>|>
?7?A?O?Z?h?
080C0Q0[0u0
051<1S1]1v1
2$2C2R2z2
3&3C3Q3_3~3
4,464D4S4a4~4
5.5<5F5]5d5r5
6 6:6S6f6t6~6
7)787X7u7
8!8/8=8d8
9*959C9\9j9x9
:,:6:P:Z:h:z:
:&;:;U;`;l;v;
<-<R<p<
=,=:=Y=h=
>-><>Y>g>u>
?$?>?H?V?d?r?
040G0Y0c0}0
1%1C1\1q1
3+3D3R3`3
414;4I4[4i4
5/5=5K5U5o5y5
6.6K6d6w6
7=7L7l7
8*818G8U8t8
9,9:9U9\9j9
: :8:B:\:f:t:
:#;A;M;W;p;{;
=,=E=S=a=
>!>/>9>S>]>k>v>
>-?B?N?X?q?|?
1!1,1:1S1a1o1
2+222@2J2d2n2|2
2<3S3_3i3
8)878U8g8y8
9!9/999V9]9k9y9
:.:G:Y:m:w:
;';6;O;m;
<$<6<D<c<r<
=+=C=\=r=
>%>/>H>O>]>k>
?)?;?]?q?
60H0g0w0
1 1.1<1
2!2/2=2[2m2
2 3'353?3\3c3q3
444M4_4s4
5-5<5U5s5
6*6<6J6i6x6
7#717B7b7x7
8*848M8T8b8p8
929D9f9z9
:4:F:b:
;);7;E;
<#<*<8<F<d<v<
=%=0=>=H=e=l=z=
>=>V>h>
?6?E?^?|?
	0$060H0V0u0
1$121@1^1m1
2(2<2F2_2f2t2
363O3d3
4@4R4n4
5,5;5I5W5
636:6H6V6t6
7!7:7E7S7]7z7
:0:7:E:S:q:
;);3;L;S;a;k;
=(=3=H=V=d=
>+>2>@>J>c>j>x>
>Q?o?{?
0&0<0J0
1&101I1P1^1l1
1:2[2g2q2
> >*>D>N>\>k>y>
?3?F?T?^?r?
080R0k0~0
1"1A1P1p1
2&242B2l2w2
3'313?3J3X3q3
4(434A4K4e4o4}4
4%5,5C5M5f5q5
636B6j6
737A7O7n7}7
8&848C8Q8n8|8
9,969M9T9b9z9
:*:C:V:d:n:
;(;H;e;~;
<-<T<o<
=%=3=L=Z=h=
>&>@>J>X>j>x>
?*?E?P?\?f?
0B0`0y0
1*1I1X1x1
2,2I2W2e2
3.383F3T3b3{3
4$474I4S4m4w4
535L5a5
747B7P7z7
8!8+898K8Y8v8
9-9;9E9_9i9w9
:;:T:g:u:
;-;<;\;y;
<!<7<E<d<s<
=*=E=L=Z=t=
>(>2>L>V>d>o>}>
?1?=?G?`?k?y?
151C1Q1
2)2C2M2[2f2t2
323>3H3a3l3z3
5*5C5Q5_5
6"606:6T6^6l6w6
6,7C7O7Y7o7}7
<'<E<W<i<w<
=)=F=M=[=i=
>7>I>]>g>
?&???]?v?
0&040S0b0{0
131L1b1p1
282?2M2[2y2
3+3M3a3~3
3&484W4g4
6-6K6]6o6}6
7%7/7L7S7a7o7
8$8=8O8c8q8
9,9E9c9|9
:,:::Y:h:
;!;2;R;h;v;
<$<=<D<R<`<~<
<	="=4=V=j=
=$>6>R>p>
0(060T0f0x0
1 1.181U1\1j1x1
2-2F2X2p2z2
3&353N3l3
4&484F4e4t4
5"505N5]5z5
6,666O6V6d6r6
7&7?7T7r7|7
808B8^8|8
9+999G9
:#:*:8:F:d:v:
;*;5;C;M;j;q;
<,<F<y<
> >'>5>C>a>p>~>
?#?<?C?Q?[?r?
1#181F1T1
2"202:2S2Z2h2~2
2A3_3k3u3
5 595@5N5\5z5
5*6K6W6a6}6
]0g0q0{0
3u4+566
4g5k5o5s5w5{5
3!4'4f4
4I5\5b5l5
646@6p6
7!7'7-73797?7E7K7Q7W7]7c7i7o7u7{7
8#8)8/858;8A8G8M8`8e8k8q8w8}8
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
:!:+:3:<:B:K:f:v:
:P;V;\;d;
6 6$6(6,6064686<6Q6V6a6i6
7 7S7X7k7p7z7
8%81878A8M8S8]8b8g8l8
9%999?9G9N9T9Y9_9!:B:]:
;$<B<]<
> >+>V>`>
131=1V1e1o1y1
2'202=2P2V2
3V4\4q4{4
445U5e5j5
7"7I7N7a7
9 9&999E9`9f9y9
: :&:9:E:`:f:y:
; ;&;9;E;`;f;y;
;[<a<t<
=!=4=@=[=a=t=
>7>=>J>P>k>q>~>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?
50A0h0
11171D1U1l1r1*3
8 8B8h8r8
:;;M;k;
<M<k<u<
=N=V=\=b=
>+>Q>x>~>
040[0e0
505[5{5
6)6q6{6
6C7M7s7!8+8Q8
97;>;??I?
3"4,4[4
485<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5
405<5[5
7;7M7X8
:2;^;h;
>N>z>'?^?w?
&0@0a0
0&1N1w1
?7?W?a?
1I1Z1}1
2:2S2v2
4 4$4(4,40444
6-7K7m758_8
9A9K9^9
<0<7<=<
0&0+0Y0g0l0
2.2f2s2}2
66W6f6o6z6
6+7K7u7
8(8.838:8M8R8[8a8u8
8W9`9q9
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>
F1c142Z2
6G7Q7l7
7$858F8K8d8
;&<><_<
=^>d>x>
?5???F?y?
	0;0A0O0
353G3[3
5)5:5V5m5
566;6G6X6f6t6
<5=]=l=y=
2:3?3}3
6)7K7k7
9,92989>9F9R9Z9`9g9q9v9
:V:[:q:w:
;!;';+;1;A;F;b;j;u;{;
<&</<5<<<B<G<O<W<_<g<m<r<|<
=9=p=v=|=
>%><>D>J>O>U>Z>
?.?I?R?X?
0X1\1`1d1h1l1p1t1x1|1
1\2`2d2h2l2p2t2x2|2d3h3l3p3t3
5(51575B5J5W5]5l5t5z5
6$61666C6H6U6Z6g6l6y6~6
4!484U4r4
5)6*7B7H7X7
8F8\8h8
9`:f:m:t:z:
; ;&;,;2;7;=;C;I;N;T;Z;`;e;k;q;w;|;
<#<)</<4<:<@<F<K<Q<W<]<b<h<n<t<y<
= =&=,=1=7===C=H=N=T=Z=_=e=k=q=v=|=
>*>7>=>_>s>{>
>B?n?w?
0%0*000:0D0T0d0t0}0
1"1'1-171A1T1Y1
1 2I2X2k2w2
7E7]7c7m7
9'909>9G9Z9;:[:e:
<'<-<T<z<
=;=m=w=
2'2E2S2
484?4D4H4L4P4
W0_0q0
4(5/54585<5@5
5O8p8~8
6!6L6Q6v6
7.7I7W7c7o7
7+8C8S8e8j8o8
9D9P9U9Z9
:!:>;E;|;
=+>8>h>
>#?'?+?/?3?7?;???
?0C0G0K0O0S0W0[0
0_1c1g1k1o1s1w1{1
0t0N8h8
0)070C0O0]0m0
2\4/5i6,7
4^5f5m6u6
8/84898
5d8`;h;
2G2N2e2{2
383K3U3n3
3%4;4v4}4
;(<4<Q<
=7=x=">F>O?s?
0M0j0~0
3O3Y3t3
4#5.5>5
6!6+6J6h6
-0<0a0
051A1M1
444:4L4_4|4
5+525A5N5j5
8"8:8?8K8P8d8+929D9Q9c9k9u9~9
;Q;\;I=S=o=v=
4N4e4p4x4
5!5/565>5V5c5o5w5
6*7>7Z7
<7===Z=
C0J0w0~0
1&1D1k1
1 252E2R2l2s2}2
4!6)656B6J6R6Z6b6k6t6|6
8	8E8L8s8|8
9J;U;\;b;q;x;
<]<h<u<~<
<4=>=S=c=
=3===G="?-?i?{?
0)1;1o1
2,21262F2K2P2`2e2j2
2 3N3V3
3!4,41464S4x4
5&51565;5V5`5|5
6(63686=6[6e6
8%8G8R8W8\8t8
;(;-;;;
5(6F6d6
=j=o=t=y=
:1;=;O;
!0.0_0m0y0
5#555G5Y5k5}5
141I1Z1
2V2^2f2n2
3v3i4|4
6%696D6
435:5[8P9X9
90;;;N;X;v;
>%>D>J>
D0V0h0
1:1_1k1w1
112=2I2U2h2
666g628
9#909B9
9':<:E:N:
6	6'6/6
607Z7b7
<5=J=U=c=
K0Y0c0o0
022N2F3K3]3{3
0-0H0c0
0<1F1P1_1i1t1
3$3(3,303@3D3H3`3d3h3|3
6(:L:P:T:h:l:p:H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
1$1(1,1014181<1@1L1T1\1`1d1h1l1
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
7Z9^9b9f94:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2
0$0,040<0D0L0T0\0d0l0t0|0
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0$5(5,5054585
9 909@9P9`9p9
: :0:@:P:`:p:
; ;0;@;P;`;
7 7(7,74787@7D7L7P7X7\7d7h7p7t7X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
182<2@2D2H2L2P2T2X2\2`2d2h2l2p2
;,;0;4;<;T;d;h;x;|;
<$<<<L<P<`<d<h<p<
=,=0=@=D=H=P=h=l=
> >0>4>D>H>`>d>h>|>
? ?0?4?<?T?X?`?x?
04080@0X0h0x0|0
1(181<1L1P1T1X1\1p1t1
2$24282P2`2d2h2
7 7@7H7T7t7
7$8,8`8p8|8
9$9,949<9D9L9T9`9
:(:H:T:t:|:
; ;<;@;\;`;h;p;x;|;
< <(<,<<<`<l<t<
=8=X=x=
>8>X>x>
?8?X?x?
080X0x0
181X1x1
2(202H2T2|2
3$383@3X3`3l3
d0h0l0p0t0x0|0
0p1t1x1|1
1X3\3x3
40444p4
: :$: ;<;X;x;
=0=H=l=
>(>@>X>t>