Sample details: 9fe89e360437ac7e6f8ee02cd4680c5f --

Hashes
MD5: 9fe89e360437ac7e6f8ee02cd4680c5f
SHA1: 15b24fdff2f520bf85acb88f2d773a0a5bb590b0
SHA256: 35413403b594fb8e38315e9e0eec93a35cd2cbe6f4ee8bb3aae712d623746b75
SSDEEP: 49152:VmGF/4GKhdl9Wqg228aEGYRv9n8BO3t2ftZQ3KOZBD:VmC/4LGYPni9tu6OZt
Details
File Type: PE32
Yara Hits
CuckooSandbox/embedded_macho | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/with_images | YRP/without_attachments | YRP/with_urls | YRP/powershell | YRP/Contains_VBE_File | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/System_Tools | YRP/Browsers | YRP/Antivirus | YRP/Sandboxie_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/DebuggerCheck__QueryInfo | YRP/antisb_sandboxie | YRP/network_tcp_socket | YRP/spreading_file | YRP/win_files_operation | YRP/android_meterpreter | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/CRC16_table | YRP/MD5_Constants | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG | YRP/spyeye_plugins | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Http_API | YRP/JavaDropper | YRP/UPX | YRP/with_sqlite | YRP/suspicious_packer_section | YRP/DMALocker | YRP/DMALocker4 | KevTheHermit/JavaDropper |
Strings
		!This program cannot be run in DOS mode.
`.data
@.reloc
16926</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>4307.12</p4><p5>4307.12</p5><p6>4307.12</p6><p7>420.37</p7><p8>64.61</p8><p9>105.52</p9><p11>420.37</p11><p12>279.96</p12><p14>36.18</p14><p27>0.00</p27><p28>1327.01</p28></B><C><p1>4122.30</p1><p4>371.01</p4></C></III>
<III id_bloku="28"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>166700981</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>SITEK</p1><p2>BARBARA</p2><p3>P</p3><p4>73061014587</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>2119.50</p4><p5>2119.50</p5><p6>2119.50</p6><p7>206.86</p7><p8>31.79</p8><p9>51.93</p9><p11>206.86</p11><p12>137.77</p12><p14>17.80</p14><p27>0.00</p27><p28>653.01</p28></B><C><p1>1828.92</p1><p4>164.60</p4></C></III>
<III id_bloku="29"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530321</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>SIERANT</p1><p2>MA
GORZATA</p2><p3>P</p3><p4>60071507323</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>4466.53</p4><p5>4466.53</p5><p6>4466.53</p6><p7>435.93</p7><p8>67.00</p8><p9>109.43</p9><p11>435.93</p11><p12>290.32</p12><p14>37.52</p14><p27>0.00</p27><p28>1376.13</p28></B><C><p1>4181.08</p1><p4>376.30</p4></C></III>
<III id_bloku="30"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530338</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>WOSZCZYK</p1><p2>ZBIGNIEW</p2><p3>P</p3><p4>67071307090</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>4123.70</p4><p5>4123.70</p5><p6>4123.70</p6><p7>402.47</p7><p8>61.86</p8><p9>101.03</p9><p11>402.47</p11><p12>268.04</p12><p14>34.64</p14><p27>0.00</p27><p28>1270.51</p28></B><C><p1>3558.34</p1><p4>320.25</p4></C></III>
<III id_bloku="31"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>17372502</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>ZIELI
SKI</p1><p2>ADRIAN</p2><p3>P</p3><p4>72122215538</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>002</p1><p2>003</p2></p3><p4>1948.78</p4><p5>1948.78</p5><p6>1948.78</p6><p7>190.20</p7><p8>29.23</p8><p9>47.75</p9><p11>190.20</p11><p12>126.67</p12><p14>16.37</p14><p27>0.00</p27><p28>600.42</p28></B><C><p1>1681.60</p1><p4>151.34</p4></C></III>
<III id_bloku="32"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>41054823</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>PIELU
EK</p1><p2>ZDZIS
AWA</p2><p3>P</p3><p4>66011407780</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>5988.23</p4><p5>5988.23</p5><p6>5988.23</p6><p7>584.45</p7><p8>89.82</p8><p9>146.71</p9><p11>584.45</p11><p12>389.23</p12><p14>50.30</p14><p27>0.00</p27><p28>1844.96</p28></B><C><p1>5167.25</p1><p4>465.05</p4></C></III>
<III id_bloku="33"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>199919690</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>KUBICZ</p1><p2>KATARZYNA</p2><p3>P</p3><p4>90082214589</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>2000.00</p4><p5>2000.00</p5><p6>2000.00</p6><p7>195.20</p7><p8>30.00</p8><p9>49.00</p9><p11>195.20</p11><p12>130.00</p12><p14>16.80</p14><p27>0.00</p27><p28>616.20</p28></B><C><p1>1725.80</p1><p4>155.32</p4></C></III>
<III id_bloku="34"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>188987143</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>JAGIE
O</p1><p2>MAGDALENA</p2><p3>P</p3><p4>78100603007</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>5799.99</p4><p5>5799.99</p5><p6>5799.99</p6><p7>566.08</p7><p8>87.00</p8><p9>142.10</p9><p11>566.08</p11><p12>377.00</p12><p14>48.72</p14><p27>0.00</p27><p28>1786.98</p28></B><C><p1>5004.81</p1><p4>450.43</p4></C></III>
<III id_bloku="35"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6515347</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>CECOTKA</p1><p2>TERESA</p2><p3>P</p3><p4>63010107307</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>5177.48</p4><p5>5177.48</p5><p6>5177.48</p6><p7>505.32</p7><p8>77.66</p8><p9>126.85</p9><p11>505.32</p11><p12>336.54</p12><p14>43.49</p14><p27>0.00</p27><p28>1595.18</p28></B><C><p1>4467.65</p1><p4>402.09</p4></C></III>
<III id_bloku="36"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530328</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>TURNIAK</p1><p2>ZBIGNIEW</p2><p3>P</p3><p4>66110208958</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>4177.68</p4><p5>4177.68</p5><p6>4177.68</p6><p7>407.74</p7><p8>62.67</p8><p9>102.35</p9><p11>407.74</p11><p12>271.55</p12><p14>35.09</p14><p27>0.00</p27><p28>1287.14</p28></B><C><p1>3604.92</p1><p4>324.44</p4></C></III>
<III id_bloku="37"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530300</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>MAGIERA</p1><p2>ANETA</p2><p3>P</p3><p4>70073012705</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>5694.34</p4><p5>5694.34</p5><p6>5694.34</p6><p7>555.77</p7><p8>85.42</p8><p9>139.51</p9><p11>555.77</p11><p12>370.13</p12><p14>47.83</p14><p27>0.00</p27><p28>1754.43</p28></B><C><p1>4913.64</p1><p4>442.23</p4></C></III>
<III id_bloku="38"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>41733174</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>A
ASZEWSKI</p1><p2>ADAM</p2><p3>P</p3><p4>68013005874</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>2026.40</p4><p5>2026.40</p5><p6>2026.40</p6><p7>197.78</p7><p8>30.40</p8><p9>49.65</p9><p11>197.78</p11><p12>131.72</p12><p14>17.02</p14><p27>0.00</p27><p28>624.35</p28></B><C><p1>1748.57</p1><p4>157.37</p4></C></III>
<III id_bloku="39"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530342</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>ZIELI
SKA</p1><p2>IRENA</p2><p3>P</p3><p4>65100602884</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>5573.31</p4><p5>5573.31</p5><p6>5573.31</p6><p7>543.96</p7><p8>83.60</p8><p9>136.55</p9><p11>543.96</p11><p12>362.27</p12><p14>46.82</p14><p27>0.00</p27><p28>1717.16</p28></B><C><p1>4809.20</p1><p4>432.83</p4></C></III>
<III id_bloku="40"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>13974912</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>WIECZOREK</p1><p2>JOANNA</p2><p3>P</p3><p4>73112314288</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>0.00</p4><p5>0.00</p5><p6>0.00</p6><p7>0.00</p7><p8>0.00</p8><p9>0.00</p9><p11>0.00</p11><p12>0.00</p12><p14>0.00</p14><p27>0.00</p27><p28>0.00</p28></B><C><p1>0.00</p1><p4>0.00</p4></C></III>
<III id_bloku="41"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>13253211</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>WIECZOREK</p1><p2>JADWIGA</p2><p3>P</p3><p4>56110914445</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>3445.00</p4><p5>3445.00</p5><p6>3445.00</p6><p7>336.23</p7><p8>51.68</p8><p9>84.40</p9><p11>336.23</p11><p12>223.93</p12><p14>28.94</p14><p27>0.00</p27><p28>1061.41</p28></B><C><p1>2972.69</p1><p4>267.54</p4></C></III>
<III id_bloku="42"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530291</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>LEWI
SKA</p1><p2>BOGUS
AWA</p2><p3>P</p3><p4>62051010784</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>7859.80</p4><p5>7859.80</p5><p6>7859.80</p6><p7>767.12</p7><p8>117.90</p8><p9>192.57</p9><p11>767.12</p11><p12>510.89</p12><p14>66.02</p14><p27>0.00</p27><p28>2421.62</p28></B><C><p1>6782.21</p1><p4>610.40</p4></C></III>
<III id_bloku="43"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>199937242</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>JAGIE
O</p1><p2>PIOTR</p2><p3>P</p3><p4>81043007557</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>4303.45</p4><p5>4303.45</p5><p6>4303.45</p6><p7>420.02</p7><p8>64.55</p8><p9>105.43</p9><p11>420.02</p11><p12>279.72</p12><p14>36.15</p14><p27>0.00</p27><p28>1325.89</p28></B><C><p1>3713.45</p1><p4>334.21</p4></C></III>
<III id_bloku="44"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>41011092</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>BARTOSIEWICZ</p1><p2>KATARZYNA</p2><p3>P</p3><p4>72021317283</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>5124.18</p4><p5>5124.18</p5><p6>5124.18</p6><p7>500.12</p7><p8>76.86</p8><p9>125.54</p9><p11>500.12</p11><p12>333.07</p12><p14>43.04</p14><p27>0.00</p27><p28>1578.75</p28></B><C><p1>4421.66</p1><p4>397.95</p4></C></III>
<III id_bloku="45"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6515350</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>KO
SKA</p1><p2>BEATA</p2><p3>P</p3><p4>70111603643</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>6093.98</p4><p5>6093.98</p5><p6>6093.98</p6><p7>594.77</p7><p8>91.41</p8><p9>149.30</p9><p11>594.77</p11><p12>396.11</p12><p14>51.19</p14><p27>0.00</p27><p28>1877.55</p28></B><C><p1>5258.50</p1><p4>473.27</p4></C></III>
<III id_bloku="46"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>17216553</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>PIELU
EK</p1><p2>SYLWIA</p2><p3>P</p3><p4>80051417189</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>2128.50</p4><p5>2128.50</p5><p6>2128.50</p6><p7>207.74</p7><p8>31.93</p8><p9>52.15</p9><p11>207.74</p11><p12>138.35</p12><p14>17.88</p14><p27>0.00</p27><p28>655.79</p28></B><C><p1>1836.68</p1><p4>165.30</p4></C></III>
<III id_bloku="47"  status_kontroli="0"  status_weryfikacji="Z" ><identyfikacja.UB><id_UB_ZUS>6533779</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>DROZDOWSKA</p1><p2>MIECZYS
AWA</p2><p3>P</p3><p4>59092204287</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p3><p1>001</p1><p2>001</p2></p3><p4>2086.00</p4><p5>2086.00</p5><p6>2086.00</p6><p7>203.59</p7><p8>31.29</p8><p9>51.11</p9><p11>203.59</p11><p12>135.59</p12><p14>17.52</p14><p27>0.00</p27><p28>642.69</p28></B><C><p1>1800.01</p1><p4>162.00</p4></C></III>
<V><p1>2017-07-04</p1></V>
<stopka.DP>
<blad><kod>69004501</kod><klasa>Z</klasa><id_dokumentu>2</id_dokumentu><blok>3</blok><pole>8</pole><id_bloku>47</id_bloku></blad>
<blad><kod>69004502</kod><klasa>Z</klasa><id_dokumentu>2</id_dokumentu><blok>3</blok><pole>9</pole><id_bloku>47</id_bloku></blad>
<blad><kod>69004503</kod><klasa>Z</klasa><id_dokumentu>2</id_dokumentu><blok>3</blok><pole>10</pole><id_bloku>47</id_bloku></blad>
<blad><kod>69004504</kod><klasa>Z</klasa><id_dokumentu>2</id_dokumentu><blok>3</blok><pole>33</pole><id_bloku>47</id_bloku></blad>
</stopka.DP>
</ZUSRCA>
<ZUSRSA id_dokumentu="3"  status_kontroli="0"  status_weryfikacji="P" >
<identyfikacja.PL><id_PL_ZUS>185956635</id_PL_ZUS><id_PL_ZUS_status>I</id_PL_ZUS_status></identyfikacja.PL>
<I><p1><p1>01</p1><p2>2017-06</p2></p1></I>
<II><p1>7712539093</p1><p2>592145814</p2><p6>ZSG W NIECHCICACH</p6></II>
<III id_bloku="1"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>198215252</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>JARZ
BSKA</p1><p2>LAURENCJA</p2><p3>P</p3><p4>78010616926</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-19</p3><p4>2017-05-22</p4><p5>4</p5><p6>405.68</p6></B></III>
<III id_bloku="2"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530321</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>SIERANT</p1><p2>MA
GORZATA</p2><p3>P</p3><p4>60071507323</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-23</p3><p4>2017-05-25</p4><p5>3</p5><p6>326.91</p6></B></III>
<III id_bloku="3"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>13974912</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>WIECZOREK</p1><p2>JOANNA</p2><p3>P</p3><p4>73112314288</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>313</p2><p3>2017-05-08</p3><p4>2017-06-07</p4><p5>31</p5><p6>3038.31</p6></B></III>
<III id_bloku="4"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>193224231</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>KRZYSZTOFIK</p1><p2>MARTA</p2><p3>P</p3><p4>81061304689</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>312</p2><p3>2017-05-17</p3><p4>2017-05-22</p4><p5>6</p5><p6>452.46</p6></B></III>
<III id_bloku="5"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>204606861</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>KARKOCHA</p1><p2>KATARZYNA</p2><p3>P</p3><p4>90040504981</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-18</p3><p4>2017-05-18</p4><p5>1</p5><p6>76.81</p6></B></III>
<III id_bloku="6"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>41795468</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>K
YS</p1><p2>AGNIESZKA</p2><p3>P</p3><p4>74062815665</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-06-23</p3><p4>2017-06-30</p4><p5>8</p5><p6>370.48</p6></B></III>
<III id_bloku="7"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6530326</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>SIE
KO</p1><p2>BO
ENA</p2><p3>P</p3><p4>62021313785</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>313</p2><p3>2017-05-29</p3><p4>2017-06-02</p4><p5>5</p5><p6>647.70</p6></B></III>
<III id_bloku="8"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>6521448</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>DUDZIK-GOZDEK</p1><p2>BOGUS
AWA</p2><p3>P</p3><p4>76030516781</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-05</p3><p4>2017-05-05</p4><p5>1</p5><p6>90.34</p6></B></III>
<III id_bloku="9"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>19753017</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>WI
CKOWSKA</p1><p2>EWA</p2><p3>P</p3><p4>80122512883</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-25</p3><p4>2017-05-26</p4><p5>2</p5><p6>92.92</p6></B></III>
<III id_bloku="10"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>16881628</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>LE
NIEWSKA</p1><p2>KATARZYNA</p2><p3>P</p3><p4>72012115902</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-02</p3><p4>2017-05-12</p4><p5>11</p5><p6>1179.64</p6></B></III>
<III id_bloku="11"  status_kontroli="0"  status_weryfikacji="P" ><identyfikacja.UB><id_UB_ZUS>13253210</id_UB_ZUS><id_UB_ZUS_status>I</id_UB_ZUS_status></identyfikacja.UB>
<A><p1>WACZY
SKA</p1><p2>ALICJA</p2><p3>P</p3><p4>58080702987</p4></A><B><p1><p1>0110</p1><p2>0</p2><p3>0</p3></p1><p2>331</p2><p3>2017-05-15</p3><p4>2017-05-15</p4><p5>1</p5><p6>69.64</p6></B></III>
<XI><p1>2017-07-04</p1></XI>
</ZUSRSA>
<stopka.KEDU>
<blad><kod>61000102</kod><klasa>Z</klasa><id_dokumentu>2</id_dokumentu><blok>1</
< BPMp
NORPPL
%C$*% 
!%C$*% 
E; 5 <
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
090714022251Z0#
wwwwwwwwwwwwwwwwwwwwwwp
xxxxwx
44';{;{
qgS{{yx
333333;{
3+dtSe
@QI*I%Y-V
zTXtjpeg:colorspace
$zTXtjpeg:sampling-factor
<zTXtrdf:about
LMLKJN1
L3N60J
1zTXtxmlns:exif
content.xmlUT	
hQM'KAc
J>/_}4[
6^v(c<
mhY'rs
#D|;Gf
meta.xmlUT	
UK*(V,
mimetypeUT	
settings.xmlUT	
fZq{t1"[
MHKWkGW?Y$
`r'dJj_X
)jES#J
`!i{"^MX
styles.xmlUT	
2+K1-V
"7X")-
WT4Vu7
p@2(lj
XKB'Cd*
{6nsf2
$zT!V<=
@nmOqb
Configurations2/UT
Configurations2/images/UT
Configurations2/images/Bitmaps/UT
Configurations2/statusbar/UT
Configurations2/progressbar/UT
Configurations2/accelerator/UT
Configurations2/accelerator/current.xmlUT
Configurations2/popupmenu/UT
Configurations2/menubar/UT
Configurations2/floater/UT
Configurations2/toolbar/UT
META-INF/UT
META-INF/manifest.xmlUT
Pictures/UT
Pictures/43719841273681560515954100002972.jpgUT
Pictures/90223060323625198422493220642233.jpgUT
Thumbnails/UT
Thumbnails/thumbnail.pngUT
content.xmlUT
meta.xmlUT
mimetypeUT
settings.xmlUT
styles.xmlUT
{4Ix u
g-yINDX(
ESET module
15770 (20170719)
`.rdata
@.data
@.reloc
;Q(r w
f9A u	
F@S;x0u$
st9~,u
uj;sHu
;C<t	2
w _^[]
BE:AEu`
BF:AFuX
AG8BGuP
BH:AHuH
IP8JP[
D$(Ph$
GH8WFt"
u"<#u(
<0r,<9w(
<0r!<9w
< t~<	tz<
u&< tf<	tb<
L,!<]wO
< t6<	t2<
<0.oneuM;
9CHNKu
=M4A tp=M4B ti=M4P tb=qt  u
=3gp4t8=3gp5t1=3gp6t*=3g2au
=f4v u3jU
9webmu	j\
-=<Visu&
u.9V(u"
QQj:PR
QQj:PRV
F8;C8t
F1=BOO
;V4tCS
t);N$rA;N(w<
>UPX!uQ
=UPX!t
=UPX!t
F1=COM
]]]]]]]]]]]
]]]]]]]]]]]]
]]]]]]]]]]
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
 !"#$%&'()*+,-./0123456789:;<=]]>?]@AB]CDEFGHIJK]]LMNOPQRS]]]]]TUVWXYZ[\
$%&&'(
)*++,-
./0/1234455E657889933:;<;=>3
EEEEEEEEEEEEEEE
EEE@A@BCD
////////
 ///!///"#//////$%&&//'/
()*+,+-.-
^< u03
^< u03
^< u03
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
G(_[^]
G8_[^]
G8_[^]
G0_[^]
G(_[^]
G _[^]
_ _[^]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
b _^[]
G(_[^]
G8_[^]
G8_[^]
G0_[^]
G(_[^]
G _[^]
_ _[^]
$8< u	
$8< u	
___________
____________
__________
________________________________________________
 !"#$%&'()*+,-./0123456789:;<=>?__@A_BCD_EFGHIJKLM__NOPQRSTU_____VWXYZ[\]^
444444
444444444444444444444444444444444444444444444444444444444444444444444444444444444
4 4!"44#44$%4&'(4)4*+,4-44./04123
222222222222222	
22222222222222222222222222222222
 2222222222222222!2222222222222222222222222222222222222222222222222222222222222"2222222222222222222#2$%&2222222222222222'22(222)2*22+,22-22.222/222222201py
																																																												
$%&&'(
)*++,-
./0/1234455E657889933:;<;=>3
EEEEEEEEEEEEEEE
EEE@A@BCD
$8< u	
$8< u	
$8< u	
$8< u	
%UUUU+
;A$rqw
;A$rnw
FtI+Fp
t6;9u'
=PK00uFhpp
8ITSFu
8MSCFu,
=BZh0u
8Cr24u
9begiu"
9xar!u 
=XML uS
kg:pu,
ackau"f9T
=XML u>
ion tB@=
8Fromu
>JMF6u
zN0707
BRf=07
z;0000
B?f=02
f=01ut
<A|S<F
Rap!ua
=BZh0u
tiz3u%
AD3A@=
<IR_u	
<z~/<A|
<Z~'<0|
t3=PK00t,
x(_FVHu 
tVShpp
L$0PRj
t$98t 
?_winu^
zip_uU
{SLFt&
x09x,s
PQj=WQ
PQj VR
t3;;u$
=</SCu
</XFu<
A:SCu4
=RIPTt
	r"j	h|z
=LOREwWtN=LL\1w9t-=(&0)t
=LL\0uS
=LL\2u#
q=OPENt;=AUTOt-=PLAYt
S(+W@+S
<<<<<<<<<<<<<<<<<
 !!"#$%&'()*+,-./01<23456789:;
w([_^]
BD;FDt
<0|F<9
<'t"A;
<>t	<<t
u'f9V>v
<"t5<'t
<"t#<'
L$,_^[3
wRt7= 	
A;H$s.
A;H$s<
8D$ uT
;L$,uj
D$$SRh
C;\$,r
D$(SRh
T$ VWj
8MSFTtm
t$(j	h
;L$$w	
   =.vbsuO
F1=MSP
u7f9D$
u0f9D$
=ATTRu
=FUNCu
$=PRIVu
=PUBLu
_^[f;P
									
																																													
SVWj@j
T$ +T$(
I"f;L;
t?<(t;<0t7f
L$0Pj	
D$HSVW
D$PSVW
D$PSVW
D$(SVW
D$HSVW
D$PSVW
D$HSVW
D$HSVW
D$HSVW
L$h^[3
L$ j&j
t;Gf;{
f9D$	u
@u1Qj\
f97uc;
t=OF<fu
8ROZIuw
UM32un
tTj-hX
8krz3uG
T$ ;D$8
L$x^[3
D$=3D$93D$53D$1
D$0;|$,
T$ VSjd
|$ Mu	
|$ Mub
|$!Zu[
D$/8D$.
D$:8D$;
D$pSVW
|$4f9x
:.aimu~
=.text
=CODEu	
uK9t$(uE
t38D$ t-j
8.pdau	
8PDATu	
L$T_^3
=.Shaw.tm=DGROw
td=BSS
t]=DATAtV=CODE
8=BEGTtH=.CRT
*=.bssw
t8=.relt1=.rsrt*=.tls
=.datt
=.text
=datat
u?G;|$ 
=.Shaw.tt=DGROw
tk=BSS
td=DATAt]=CODE
8=BEGTtO=.CRT
*=.bssw
t?=.relt8=.rsrt1=.tls
=.datt#=.text
=datat
=codet
f9D>	uJ
=anteuI
= by t
=.b fu9j
UPX0uU
UPX1uI
UPX2u'
x28expu.
8Expu%j
4}Du	j
ENIGus
.texu	
(;D$ r
t7<ht 
t ;D$Pt
.texu	
(;D$ r
;D$ r!
1<0rL<9v
<ArD<Zv
<ar<<zw8A
7;D$ uL
7;D$ u4
\$4u3f
.orpum
HYBRuy
8.tsuu"
8.tsuu
T$XjHR
|$`tiz3u?
MAILu?
FROMu2
RCPTu%j
;.dspuw
A<3A8=f
|$D	ub
otanu2
 6mgu%j
<'t@<?t<
^tWu:f
;L$Xt!
|$<	u#
W<;Wdt
EGFEu2
wfDUu%j
\$(u3f
v>;D$,s8
FC8u%j
D$$9D$P
D$$9D$Pu}
|$|	u!
|$Tu3f
\$,u3f
|$ 9|$
t$$;|$
<_t>< t:<-
8.Silu
8.lolu
TAGGui
ANTSu=j
8pebuu
\$$u3f
|$\	u#
um8D$,ug
+F4Sj	P
f9H	uF
{SKHCB
D$89D$`
T$$VW3
;;L$0s
=RDHIuG
DNEIth
^#~@u@
~1HTMLu
?<SCRu
9VBSCu
?FUNCu	
?</SCu
?--><u
?ONERu
?RANDu
?@ECHu	
?@CTTu
8<manu
><?XMu
><VTAu
G1=HTM
tK=DOC
>< t]<"t
><_t43
><_t	< t
9#INCu	
<0|	<9
9<?xmu
9<xdpu
<>t)<<
,0<	wl
>TVpQuU
SzvguA
5!Thi9F4uA
 p9F8u5
rogr9N<u*j
D$ =.exet
=.scrt
=.comt
=.pifu#j
=.exet
=.scrt
=.comt
=.pifu
D$4f;T$$
t=f;T$
t=f;T$,t/f;T$0t(
( EMFu9
Ow.;O0r)j
O,_^[]
<applu
?MSFTuB
?EDNAu
  	                            
                   
        
                    
               
?u@<0|
.datuj
 <buej
L$ Pj	W
C(tj+=
QQj.PR
QQj<PR
QQj>PR
RQj<QP
PQj WV
u	@K;E
9MThduP
u-_^[Y]
=OTTOu[
B1=TTF
u	9F t
tUC;\$
W;NTr%w
;VTr%w
FX;F\tT
H(;~Lw
W(_^[]
W8_^[]
W _^[]
gfffWQ
w ;N$w
GPF+GL
X(;P,w
X(;P,w
t1Ot%f
Y[[]_^
t <!t%
<FtH<GtD<kt@<lt<
t%<"t!<mt
_^[rEf+W
tyP<Ft><Gt:
<_t*<dt&<nu
t1<Ft-<Gt)<
<!t	<Nt
<At	<Nt
t	=exe
tA<NtI<OtQ
tj<2tf<DsV
t%<$t-<
<ktT<l
< t2<%tM<$t=<&tE<'t0</
COMMu	
</t	<1t$
t3<bt]
tt3<tt-f
gttJf=gttB
u	f9=v
<\t#<=t
v	N+D$
v	N+D$
         (((((                  H
                                 
NtQueryInformationProcess
GetCurrentProcess
GetLocalTime
GetCurrentThreadId
GetDriveTypeW
vector<T> too long
@Trojan.Win32/Packed.VMProtect.
@Trojan.Win32/Packed.Themida.
@Trojan.Win32/Packed.ASProtect.
@Suspicious.Win32/Packed.Themida
@Suspicious
@ApplicUnsaf
@ApplicUnwnt
.Generik
@Application
@Trojan
/Injector.
/Kryptik.
/Packed.
@Patched
startup
autorun
autoit
php2exe
gentee
registry
NUMBERS
CONTENTS
DataSpaces
DataSpaceInfo
TransformInfo
Standard Jet DB
Standard ACE DB
<VisioDocument
<?mso-application progid="PowerPoint.Show"?>
<?mso-application progid="Excel.Sheet"?>
<?mso-application progid="Word.Document"?>
SQLite format 3
fishead
theora
vorbis
ACONanih
vidsdivx
AVI LIST
WAVEfmt 
MIME-Version: 1.0
Content-Type: multipart/related;
From: "Saved by
From: <Saved by
Message:
MIME-Version:
Content-Class:
Reply-To:
Message-ID:
Subject:
Return-Path:
Received:
.onetoc
**ACE**
1AY&SY
mimetypeapplication/vnd.oasis.opendocument.formula
mimetypeapplication/vnd.oasis.opendocument.base
mimetypeapplication/vnd.oasis.opendocument.graphics
mimetypeapplication/vnd.oasis.opendocument.presentation
mimetypeapplication/vnd.oasis.opendocument.spreadsheet
mimetypeapplication/vnd.oasis.opendocument.text
Metadata/BuildVersionHistory.plist
buildVersionHistory.plist
_rels/DWFDocumentSequence.dwfseq.rels
classes.dex
META-INF/MANIFEST.MF
Documents/1/_rels/
xl/_rels/workbook.bin.rels
template/database/databaseProperties.xml
theme/theme/_rels/themeManager.xml.rels
ppt/vbaProject.bin
ppt/_rels/presentation.xml.rels
xl/vbaProject.bin
xl/_rels/workbook.xml.rels
word/vbaProject.bin
word/_rels/document.xml.rels
AutoCAD Binary DXF
(DWF V
%!PS-Adobe-
TRUEVISION-XFILE.
GIF89a
GIF87a
ftypjp2
STEALTH.
CRYPT.
TUNNEL.
WINDOWS.
WIN32.
COMPANION.
DRIVER.
SCRIPT.
MANIFEST
CHM_1033
CDF-MS
INF_LOC
XRM-MS
#M.MBX
#M.DBX
#M.MBOX
weight=
request=1
swextract
winrarsfx
mode=all
mode=merge
@Trojan.WMA/TrojanDownloader.GetCodec.gen
@Trojan.WMA/Exploit.CVE-2009-2498
@Trojan.WMA/Exploit.CVE-2009-2527
@Trojan.Win32/Agent.SDG.Gen~alg
Lillith
@Trojan.Win32/Mebroot.mbr
Moloch
One_Half
One_Half.3570
One_Half.3666
One_Half.Unknown
One_Half.3544.C
One_Half.3544.D
One_Half.3544.A
One_Half.3577
#R.UPX~Elf
#R.UPX~Macho
@Trojan.Win32/Packed.Upx
#R.UPX~Pe64
Alfons.1344
Alfons.1536
Animals.2400
BachKhoa.3999
Backform.2000.A
Die_Hard.4000.A
Die_Hard.4000.B
Drepo.2461
Helloween.1063
Helloween.1182
Helloween.1227
Helloween.1228
Helloween.1288
Helloween.1376.A
Helloween.1376.B
Helloween.1376.C
Helloween.1376.D
Helloween.1376.E
Helloween.1376.F
Helloween.1376
Helloween.1377
Helloween.1384
Helloween.1401
Helloween.1430
Helloween.1447
Helloween.1684
Helloween.1839.A
Helloween.1839.B
Helloween.1888
Helloween.2470
Lion_King
Zaneta.1769
Xuxa.1037
Xuxa.1045
Xuxa.1088
Xuxa.1096
Markt.1533
Chill.544
Barrotes.840
Barrotes.849
Markt.1548
Cascade.Jojo.A
Cascade.Jojo.B
Cascade.Jojo.C
Cascade.1621
Cascade.1491
Cascade.1661.A
Cascade.1661.B
Cascade.1699.A
Cascade.1699.B
Cascade.1702
Cascade.1706
Countdown.1300
Countdown.1363
Glupak.847
Aaa.807
Kvapavka
F-Soft.458
F-Soft.563
F-Soft.590
F-Soft.633
F-Soft.656
Ambulance.795
Ambulance.796.A
Ambulance.796.B
Ambulance.796.C
Ambulance.796.D
Ambulance.796.E
Klepavka
Happy_Slovakia.A
Cascade.691
Paranoid.1427
SLAM.Demo.Com
Skank.565
Respect.624
Vienna.648.Reboot.A
Sabados
AntiAV.1235
Vampiro.1000.A
Vampiro.1000.B
Vampiro.1000.D
Vampiro.1000.E
M5-Vp2
Macdonia
Malatinec.2367
Malatinec.1554
Malatinec.2396
Maca.1000
Explosion.1000
Tiso.1279
Mdevice:SVL.1_0
Mdevice:SVL.1_1
Mdevice:SVL.1_2.A
Mdevice:SVL.1_2.B
Mdevice:SVL.Kill
Delta.1163
Mirea.703
Mirea.737
Mirea.925
Mirea.930
Mirea.944
Mirea.950
Mirea.958
Mirea.1086
Mirea.1766
Mirea.1788
Mirea.1800
Mirea.1832
Mirea.1888.A
Mirea.1888.B
Mirea.1901
Mirea.1950
Xeram.1664
Xuxa.1656
Xuxa.1984
Delwin.1759
Hi.460.A
Hi.460.B
Cordobes
Chaos.1241
Burglar.777
Burglar.820
Burglar.824
Burglar.833
Burglar.877
Burglar.1004
Burglar.1050
Burglar.1150.A
Sarampo.1470
Werewolf.1500.A
Werewolf.1500.B
Malatinec.3737
Burglar.1365
Sarampo.1371.B
RMS2.1472
Damned.1093.A
Beavis.831
SLAM.Demo.Exe
Cpw.1527
Cpw.1395
Cpw.1457
Cpw.1459
Cpw.1460
Antigus
Pieck.4444.A
Morphine.3500
Desperado.A
Desperado.B
Desperado.C
Nilz.1000
Unsnared.814
2Trout.6804
BoxBox
CmosDead.3622
Hdd-Cleaner.937
Ontario.1024.A
Ontario.1024.B
Deliver
Green_Caterpillar.1989.A
Green_Caterpillar.1575.A
Green_Caterpillar.1575.B
Green_Caterpillar.1575.C
Green_Caterpillar.1575.D
Green_Caterpillar.1575.F
Green_Caterpillar.1575.G
Green_Caterpillar.1575.H
Green_Caterpillar.1575.I
Green_Caterpillar.1575.J
Green_Caterpillar.1575.L
Green_Caterpillar.1575.L2
100Percent
Spanska.1000
Spanska.1120.A
Spanska.1120.B
Spanska.1120.C
Spanska.1500
Major.1644.A
Major.1644.B
Anti-PC_Revue.1958
Anti-PC_Revue.2588
Spanska.4250
TPVO.3783
Kaos4.A
Kaos4.C
Vlamix.1090.A
Vlamix.1090.B
Abbas.1320
Abbas.5660
Nov17Th.855.A
Nov17Th.855.B
Barrotes.1176
Barrotes.1194
Barrotes.1303
Barrotes.1874
Barrotes.1463
Barrotes.1310.A
Barrotes.1310.B
Barrotes.1310.C
Barrotes.1310.D
Barrotes.1310.E
Barrotes.1310.F
Barrotes.1310.G
Tequila.2468.A
Tequila.2468.B
Tequila.2468.C
Tequila.2468.D
Tequila.2469
Flip.2153.A
Changsha.3072
10Past3.A
10Past3.B
Junkie.1027.A
Junkie.1027.B
Junkie.1029
Phx.965
Phx.823
No_Frills.843
TMC:Level_42.A
TMC:Level_42.B
TMC:Level_6x9
Tremor.4000
Walhala
~p~X~8~
}x}X}8} }
|`|H|(|
{p{P{0{
z`z@z(z
ypyXy8y
xhxPx0x
whwHw(w
v`vHv(v
u`uHu(u
thtHt0t
spsPs8s
rxr`r@r(r
qhqPq0q
pxp`pHp(p
opoXo@o o
npnPn8n n
mpmPm8m m
lplXl@l l
kxkXk@k(k
jhjHj0j
ipiXi@i(i
hhhPh8h h
gxg`gHg0g
fxf`fHf0f
exe`eHe0e
dxdhdPd8d d
cpcXc@c(c
bxb`bHb8b b
apaXa@a0a
`h`X`@`(`
_h_X_@_(_
^p^X^@^0^
]p]`]H]8] ]
\x\h\P\@\(\
[p[`[H[8[ [
ZpZXZHZ0Z Z
YpYXYHY0Y Y
XpX`XHX8X(X
WxWhWPW@W(W
VpVXVHV8V V
UxUhUXU@U0U U
TxThTXT@T0T T
SxShSXSHS0S S
RpR`RHR8R(R
QxQhQXQ@Q0Q Q
PpP`PPP@P0P P
OpO`OPO@O0O O
NpN`NPN@N0N N
MxMhMXMHM8M(M
LpL`LPL@L0L L
KpK`KPK@K0K K
JpJ`JPJ@J0J J
IxIhIXIHI8I(I
HpH`HPH@H0H H
GxGhG`GPG@G0G G
FxFpF`FPF@F0F F
EpE`EPEHE8E(E
DxDhD`DPD@D0D D
CxChCXCPC@C0C C
BxBhB`BPB@B0B(B
ApA`AXAHA8A(A A
@x@h@`@P@@@8@(@
?x?h?`?P?@?8?(?
>p>`>X>H>8>0> >
=x=h=`=P=@=8=(= =
<x<h<X<P<@<8<(< <
;x;h;`;P;H;8;0; ;
:p:h:X:P:@:8:(: :
9p9h9X9P9@989(9
8p8h8X8P8@888(8 8
7x7p7`7X7H7@707(7 7
6x6p6`6X6H6@606(6 6
5p5h5X5P5@58505 5
4p4`4H404
3h3P383(3
2x2`2P282 2
1x1`1H181 1
0x0`0P080(0
/h/X/@/0/
.x.`.P.8. .
-p-X-H-8- -
,p,X,H,8, ,
+p+`+P+8+(+
*x*h*X*@*0* *
)x)`)P)@)()
(p(`(P(@(((
'x'h'P'@'0' '
&p&X&H&8&(&
%x%h%X%H%0% %
$x$h$X$H$0$ $
#x#h#X#H#8#(#
"p"`"P"@"0" "
!p!`!P!@!0! !
 p ` P @ 0   
	x	p	h	X	P	H	@	0	(	 	
~p~P~0~
}x}X}8}
|`|@| |
{h{H{({
zpzPz0z
yxy`y@y y
xhxPx0x
wxw`w@w w
vpvPv0v
uhuHu(u
txt`t@t t
sxsXs8s s
rprXr8r r
qpqXq8q
pppXp8p p
oxoXo@o o
nxn`n@n(n
mhmHm0m
lplPl8l l
kxk`k@k(k
jpjPj8j j
ixi`iHi0i
hphXh@h h
gpgPg8g g
fhfPf8f
ehePe0e
dhdPd0d
chcPc8c c
bpbPb8b b
apaXa@a(a
```H`0`
_p_X_@_(_
^h^P^0^
]p]X]@]0]
\p\X\@\(\
[h[P[8[ [
ZhZPZ8Z Z
YhYPY8Y(Y
XpXXX@X(X
WpWXWHW0W
VxV`VPV8V V
UpUXU@U(U
TxThTPT8T T
SpS`SHS0S
RpRXR@R0R
QpQXQ@Q(Q
PpPXP@P0P
OpOXOHO0O
NxN`NHN8N N
MxMhMPM@M(M
LpL`LHL0L L
KhKXK@K0K
JxJ`JPJ8J(J
IxI`IPI8I(I
HxH`HPH8H(H
GxG`GPG@G(G
FxFhFXF@F0F
EpE`EHE8E E
DxDhDPD@D0D
CpC`CPC8C(C
BpB`BHB8B(B
ApAXAHA8A(A
@p@`@H@8@(@
?p?`?P?@?(?
>x>h>X>H>0> >
=p=`=P=@=(=
<p<X<H<8<(<
;x;h;X;H;8;(;
:x:h:X:H:8:(:
9p9X9H989(9
8p8`8P8@808 8
7x7h7X7H787(7
6x6h6X6H606 6
5p5`5P5@505 5
4p4`4P4@404 4
3x3h3X3H383(3
2x2h2`2P2@202 2
1x1h1X1H181(1
0p0`0P0@000(0
/p/`/P/@/0/(/
.p.`.P.H.8.(.
-x-h-X-H-8-0- -
,p,`,P,@,8,(,
+x+h+`+P+@+0+ +
*x*h*`*P*@*0* *
)x)p)`)P)@)8)()
(p(h(X(H(8(0( (
'x'p'`'P'@'8'('
&x&h&`&P&@&8&(&
%x%h%`%P%@%8%(%
$x$p$`$P$H$8$0$ $
#x#h#X#P#@#0#(#
"p"h"X"H"@"0"("
!p!h!X!H!@!0!(!
 x h X P @ 8 (   
	x	p	h	`	X	P	H	8	0	(	 	
MACRO CONTENT CLEANED BY ESET   
14???????0
@Trojan.Java/Numeric.A%Experimental
$UNIX2003
map/set<T> too long
QuickBatch
AUTOIT
chilkat
getrighttogo
kuaizip
autoplaymediastudio
XENOCODE
XLAYER
INDIGOROSE
CHROMEEXTENSION
INSTALLFACTORY1
TIZ3ARCH
BCOMPILER
#M.UUE
#S.GENTEESCRIPT
#S.AUTOLISP
#S.VLX
PACK200
OPCXML
MSOXML
BASE64
#S.PYC
#S.FAT
#S.MSI
Received-SPF
Received
Return-Path
Subject
Message-ID
Reply-To
Content-Type
Content-Class
MIME-Version
Message
Delivered-To
X-Document-Type:
Content-Type:
#M.MME
00000000000
driver.cab
sp3.cab
sp2.cab
sp1.cab
SMARTINSTALLMAKER:ver=1
SMARTINSTALLMAKER:ver=2
AndroidManifest.xml
http://schemas.microsoft.com/office/2006/xmlPackage
#A.ISO
#A.DMG
#A.HFS
#A.ZIP
T7VAIO
!<arch>
debian-binary
'3VRTLIB-1
FAS4-FILE
q*(www.KuaiZip.com
bcompiler v0.27s
bcompiler v0.14s
[Languag
e=409]
xlayer
Smart Install Maker
----START-DATA----
[0000]
;!@Install@!UTF-8!
**ACE**
NullsoftInst
GetFileAttributesA
CreateProcessA
CreateFileA
CopyFileA
connect
GetDateFormatA
WSAGetLastError
#A.Ying
#A.ASTRUM
#R.MPressNet
***messages***
C:\ProgramData
C:\Program Files
C:\Program Files\Common Files
C:\Users\?\AppData\Roaming
C:\Users\?\AppData\Local
C:\Windows\system32\cmd.exe
C:\Windows
REM Batch script (Expanded by ESET)
FUNCTION 
' VBS script (Processed by ESET)
"RECYCLER\
RECYCLER\
SETUP.CMD
.\COPY.CMD
COPY.CMD
.DLL,INSTALLM
SETUP.EXE
RUN.EXE
INSTALL.EXE
UNLOCK.EXE
"USBSECURE.EXE
USBSECURE.EXE
"USBSECURITY.EXE
USBSECURITY.EXE
LINK_SETUP.EXE
AUTORUN.EXE
#A.base64
#A.jspacked:ver=1
ScriptAlg
cve_2010_3333_fnc
autorun_fnc
cve_2010_3971_fnc
packed_fnc
script_fnc
applet_fnc
meta_refresh_fnc
packer_offset_fnc
nsis_push_fnc
cve_2011_1260_fnc
cve_2012_1889_fnc
phishing_site_fnc
check_ftp_open_fnc
is_url_eset_phishing_fnc
is_url_blacklistedobjectinarchive_fnc
url_is_not_bank_fnc
is_url_blacklisted_fnc
is_url_phishing_fnc
is_url_blacklistedobject_fnc
is_url_blockupdate_fnc
is_url_unwanted_fnc
base64_fnc
is_iframe_blacklisted_fnc
is_iframe_suspicious_fnc
phishing_prefix_fnc
phishing_prefix_silent_fnc
!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AGNITUM.RU
VISIBILITY:HIDDEN
OVERFLOW:HIDDEN
DISPLAY:NONE
WIDTH:0
HEIGHT:0
HTTPS://
HTTP://
vector<bool> too long
deque<T> too long
Win32/Virut.NBK~iframeclean
Win32/Virut.NBM~iframeclean
HTML/TrojanClicker.IFrame.NAP~iframeclean
@Trojan.HTML/IFrame~iframeclean1
@Patched.JS/Iframe.AJ~htmlclean
Win32/Fujacks.K~iframeclean1
Win32/Fujacks.K~iframeclean2
Win32/Fujacks.L~iframeclean
Win32/Chir.B~jsclean
@Trojan.PHP/Agent.GC~clean
<iframe src="http://ZieF.pl/rc/" width=1 height=1 style="border:0">
</iframe>
<IFRAME style="DISPLAY: none" src="http://jL.chura.pl/rc/">
</IFRAME>
<iframe src="http://jL.c&#104;ura.pl/rc/" style="&#100;isplay:none">
<script type="text/javascript" src="http://kollinsoy.skyefenton.com:8080/Hardware.js">
</script>
<script>String.prototype.asd=
<iframe src=http://www.krvkr.com/worm.htm width=0 height=0>
</iframe>
<iframe src="http://www.51dj8.com/wenhua/first.htm" width="0" height="0" frameborder="0"> 
<iframe src="http://www.ctv163.com/wuhan/down.htm" width="0" height="0" frameborder="0"> 
<html><script language="JavaScript">window.open("readme.eml", null,"resizable=no,top=6000,left=6000")
</script></html>
<?php $hciozgdv
$xruoafbee-1; ?>
ALS/Bursted.X~clean
ALS/Bursted.AD~clean
ALS/Bursted.E~clean
(defun s::startup
;;;jjyy
(defun-q s::
(princ)
	 (/ b
(setq basepath
(princ)
Win32/Chir.B~delete
@Worm.VBS/Haptime.A
@Worm.VBS/Haptime.B
@Worm.VBS/Haptime.C
<script language=
@Worm.Win32/Nimda.A
@Worm.Win32/Nimda.E
@Worm.Win32/Nimda.D
@Worm.Win32/Nimda.C
@Worm.Win32/Nimda.B
@Worm.Win32/Nimda.A~1
Win32/Ramnit.A
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
Ole10Native
LvExtra
Module
MSysModules2
Standard Jet DB
ActiveMime
#A.OleData
activex
docprop
MSWord/Overs.B%Experimental
#M.MSG
;;B&F7B
B4FhD&B
#A.MSI
#A.OFFICECRYPTOGRAPHY
WordDocument
Macros
_VBA_PROJECT
Workbook
_VBA_PROJECT_CUR
@Trojan.SWF/Exploit.CVE-2011-0609.B
Current User
PROJECT
2b400008_ffffffff
ITEM000
VisioDocument
VBA_Project
Escher
ObjectPool
@Trojan.Win32/Exploit.CVE-2014-4114%Experimental
141414141414141414141414
@Trojan.X97M/Exploit.CVE-2009-0238
@Trojan.Win32/Exploit.CVE-2012-0143.A
@Trojan.Win32/Exploit.CVE-2012-1847.A
@Trojan.Win32/Exploit.CVE-2012-1847.B
@Trojan.Win32/Exploit.CVE-2012-0184.A
X97M/Escop.
@Worm.Mailcab.A
StartUp
        
Attribut
e VB_Nam
e = "Sta
CLEANED 
BY ESET!
NUY66634HUY33
NUY66634HUY33
NUY66634HUY33
PowerPoint Document
MSysDb
PP97M/
PU97M/
Visio (TM) Drawing
Default Paragraph Font
Stand. p
smo odst.
Absatz-Standardschriftart
 Fuente de p
rrafo predeterminada
Kappaleen oletusfontti
Police par d
Bekezd
s alap-bet
Carattere predefinito paragrafo
Standaardalinea-lettertype
Standardskrift for avsnitt
lna czcionka akapitu
Privzeta pisava odstavka
1Table
0Table
@Trojan.Win32/Exploit.MSWord.Smtag
@Trojan.DOC/CVE-2016-3316
W97M/Lexar.
W97M/Xaler.
.got.plt
#R.ComToExe
Cruncher
Dark_Paranoid
Gold_Bug
Hll.Oscar
Hll.Tp_Worm
Combat.1644
Hll.4536
Hll.Grave.5952
Hll.7336
Hll.20621
Hll.21037
Hll.Creed.5209
Hll.4317.E
Hll.Weed.5850.C
Lexotan.A
Lexotan.B
Lexotan
Nutcracker.Ab
PLY.3360
PLY.3487
PLY.3759
PLY.3768
PLY.4224
PLY.4722
PLY.5133
PLY.5175
PS-MPC-based
Satan_Bug
SSR.18273
SSR.18364
SSR.19071
SSR.19834
TMC:Unknown
Zhengxi
 *,0MQTb
      "       "       "       "       "       "       "       " !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
""""""""""""""""
Civil_Defence.1_0
Civil_Defence.1_1
Civil_Defence.3_3
Civil_Defence.3_8
Civil_Defence.3_B
Arianna.3375
Ebola.1_0
Ebola.1_2
Ebola.1_4
Monte_Carlo.1483
Monte_Carlo.1541
Pixel.Hydra.II.1648
Happy_Slovakia.B
@Worm.Win32/Hybris.drp
Pieck.2016
Taipan.438.A
Taipan.438.B
Taipan.438.Penis
Taipan.666
|SYSTEM
Strange_Brew_Virus
Java/Strange_Brew
<InvokeDynamic>:
IDLIST
LINKINFO
STRINGNAME
STRINGPATH
STRINGWORK
STRINGARGS
STRINGARGSAMP
STRINGICON
EXTRAIDLIST
EXTRAPATH
EXTRAICON
EXTRAMACHINE
EXTRADARWIN
EXTRAFOLDER
EXTRACONSOLE
ICONINDEX
MyComputer
Computers
Network
UsersLibraries
ControlPanelCategory
InternetExplorer
MyDocuments
ControlPanel
Downloads
Documents
DocumentsLibrary
PicturesLibrary
MusicLibrary
VideosLibrary
AllControlPanelItems
Unknown
MacOS/Sevendust.gen
Sys6DATACODEMBDFCDEFMDEFWDEFnVIRINITDREW
yScriptletTypeLibTentacle_II.10634
function 
@Trojan.PDF/Exploit.Gen~whitechars
@Trojan.PDF/Exploit.Gen~strangefilters
@Trojan.PDF/Exploit.CVE-2010-1297
image/tif
mailto:
@Trojan.PDF/Phishing.A.Gen
@Trojan.PDF/Phishing.B.Gen
000webhostapp.com
Win32/Afgan.A~clean
Win32/Afgan.B~clean
Win32/Afgan.C~clean
Win32/Afgan.D~clean
Win32/Afgan.E~clean
Win32/TrojanDropper.Agent.DGO~clean
Win32/Agent.DP~clean
Win32/Agent.NAG~clean
Win32/Agent.NAU~clean
Win32/TrojanProxy.Agent.NCI~clean
Win32/Agent.OJO~clean
Win32/TrojanDownloader.Agent.PBY~clean
@Patched.Win32/Agent.RGX~clean
Win32/Agent.Z~clean
Win32/Alman.NAB~clean
Win32/AutoRun.NAT~clean
Win32/Azero.A~clean
Win32/Bacalid.A~clean
Win32/Bacalid.B~clean
Win32/Bacalid~turek
@Worm.Win32/Bagle.M~1
@Worm.Win32/Bagle.O~1
@Worm.Win32/Bagle.Q~1
@Patched.Win32/Bamital.EC~clean
Win95/Bodgy.3230.A
@Worm.Win32/Bugbear.B
Win95/Bumble.1736.A
Win32/Cabanas.3014.A
Win32/Chimera.A~clean
Win32/Chir.A~clean
Win32/Chir.B~clean
Win32/Chir.C~clean
Win32/Chir.D~clean
Win95/CIH
@Worm.Win32/Datom.A~1
Win32/Floxif.A~delete
Win32/Floxif.B~delete
Win32/Floxif.C~delete
Win32/Delf.NAB~clean
Win32/Delf.NBL~clean
Win32/Delf.NBQ~clean
Win32/Drowor.C~clean
Win32/DunDun.A~clean
Win95/Dupator.1503.A
Win95/Dupator.1503.A~2
Win32/ElKern.A
Win32/ElKern.B
Win32/ElKern.C
Win32/Expiro.R~clean
Win32/Expiro.S~clean
Win32/Expiro.T~clean
Win32/Expiro.U~clean
Win32/Expiro.V~clean
Win32/Expiro.X~clean
Win32/Expiro.Y~clean
Win32/Expiro.Z~clean
Win32/Expiro.NAA~clean
Win32/Expiro.NAB~clean
Win32/Expiro.AA~clean
Win32/Expiro.AB~clean
Win32/Expiro.AC~clean
Win32/Expiro.AD~clean
Win32/Expiro.NAD~clean
Win32/Expiro.NAG~clean
Win32/Expiro.AG~clean
Win32/Expiro.AE~clean
Win32/Expiro.AF~clean
Win32/Expiro.NAN~clean
Win32/Expiro.NAO~clean
Win32/Expiro.NAU~clean
Win32/Expiro.NBF~clean
Win32/Expiro.NBE~clean
Win32/Expiro.NBA~clean
Win32/Expiro.NBN~clean
Win32/Expiro.NBP~clean
Win32/Expiro.AR~clean
Win32/Expiro.NAL~clean
Win32/Expiro.BR~clean1
Win64/Expiro.A~clean
Win64/Expiro.B~clean
Win64/Expiro.C~clean
Win64/Expiro.D~clean
Win64/Expiro.H~clean
Win64/Expiro.J~clean
Win32/Expiro.AT~clean
Win32/Expiro.AY~clean
Win32/Expiro.AZ~clean
Win32/Expiro.NCB~clean
Win32/Expiro.BC~clean
Win32/Expiro.BH~clean
Win32/Expiro.BN~clean
Win32/Expiro.BU~clean
Win32/Expiro.BW~clean
Win32/Expiro.BY~clean
Win32/Expiro.BZ~clean
Win32/Expiro.BR~clean
Win32/Expiro.NCD~clean
Win32/Expiro.BD~clean
Win32/Expiro.BD~clean1
Win32/Expiro.CG~clean
Win32/Expiro.NCI~clean
Win32/Expiro.CG~clean2
Win32/Expiro.CG~clean3
Win64/Expiro.Z~clean
Win64/Expiro.AB~clean
Win64/Expiro.AI~clean
Win64/Expiro.AQ~clean
Win64/Expiro.AT~clean
Win64/Expiro.AU~clean
Win64/Expiro.BE~clean
Win64/Expiro.BM~clean
Win64/Expiro.BR~clean
Win64/Expiro.AL~clean
Win32/Expiro.A~clean
Win32/Expiro.B~clean
Win32/Expiro.C~clean
Win32/Expiro.D~clean
Win32/Expiro.E~clean
Win32/Expiro.F~clean
Win32/Expiro.G~clean
Win32/Expiro.H~clean
Win32/Expiro.I~clean
Win32/Fignya.A~clean
Win32/Fignya.B~clean
Win32/Floxif.A~clean
Win32/Floxif.D~clean
Win32/Fujacks.AA~clean
Win32/Fujacks.BF~clean
Win32/Delf.NAZ~clean
Win32/Fujacks.BR~clean
Win32/Fujacks.BS~clean
Win32/Fujacks.N~clean
Win32/FunLove.4070
@Worm.Win32/Ganda.A
Win32/Greener.A~clean
Win32/Grum.D~clean
Win32/Small.L~clean
Win32/HLLP.Hantaner.A
Win32/Hetuph.A
Win32/Huhk.C
@Worm.Win32/Hybris.dll
@Worm.Win32/Hybris.dll~2
Win95/ILMX.1291
Win32/Induc.C~clean
-=supernatural=-
Win32/Jeefo.A
Win32/Jeefo.C
Win32/Jeefo.D
Win32/Kenston.1895
Win32/Kibik.A~clean
Win32/Kriz.4029
Win32/Kriz.4050
DeleteFileA
MoveFileA
MoveFileExA
SetFileAttributesA
CopyFileW
CreateFileW
CreateProcessW
DeleteFileW
GetFileAttributesW
MoveFileW
MoveFileExW
SetFileAttributesW
Win32/Lafee.A~clean
Win32/Lafee.B~clean
Win32/Leprum.A
Win95/Lorez
Win95/Lorez~2
@Worm.Win32/Lovgate.L
@Worm.Win32/Lovgate.L~2
Win32/Luder.A~clean
Win32/Luder.Gen~clean
Win32/Lurka.B~clean
Win32/Mabezat.A~clean
Win32/Madang.A~clean
Win32/Madang.B~clean
Win32/Magistr.24876
@Worm.Win32/Magistr.29188
Win32/Mocket.A~clean
Win32/Morto.A~clean
Win32/MTX.A
Win32/MTX.B
Win32/Mumawow.A~clean
Win32/Mumawow.B~clean
Win32/Mumawow.C~clean
Win32/Mumawow.D~clean
Win32/Mypis.H~clean
Win32/Mypis.I~clean
Win32/Mypis.Y~clean
Win32/Mypis.V~clean
Win32/Mypis.AA~clean
Win32/Neshta.A~clean
Win32/Neshta.B~clean
Win32/Oleloa.gen~wininet
HttpSendRequestA
@Patched.Win32/Olmarik.OF~clean
@Patched.Win32/Olmarik.PV~clean
@Patched.Win32/Olmarik.PY~clean
@Patched.Win32/Olmarik.RF~clean
@Patched.Win32/Olmarik.SE~clean
@Patched.Win32/Olmarik.SJ~clean
@Patched.Win32/Olmarik.ST~clean
@Patched.Win32/Olmarik.TM~clean
@Patched.Win32/Olmarik.TO~clean
@Patched.Win32/Olmarik.UI~clean
@Patched.Win32/Olmarik.UJ~clean
@Patched.Win32/Olmarik.VG~clean
@Patched.Win32/Olmarik.VM~clean
@Patched.Win32/Olmarik.XG~clean
@Patched.Win32/Olmarik.ZC~clean
@Patched.Win32/Olmarik.AWK~clean
@Patched.Win32/PSW.OnLineGames.PFC~clean
Win32/Padmer.5255~clean
Win32/Parite.A
Win32/Parite.B
Win32/Parite.C~clean
@Patched.Win32/Patched.AF~clean
@Patched.Win32/Patched.A~clean
@Patched.Win32/Patched.EH~clean
@Patched.Win64/Patched.H~clean
@Patched.Win64/Patched.I~clean
@Patched.Win32/Patched.IB~clean
@Patched.Win32/Patched.AU~clean
@Patched.Win32/Patched.HK~clean
@Patched.Win32/Patched.HN~clean
@Patched.Win32/Patched.NAV~clean
@Patched.Win32/Patched.NBG.Gen~clean
Win32/Pecutex.A
Win32/Perez.AA~clean
Win32/Pinit~clean
Win32/Polip
Win32/Viking.H~clean
Win32/Viking.BJ~clean
Win32/Viking.CH~clean
Win32/Viking.DD~clean
Win32/Viking.NBG~clean
Win32/Viking.BY~clean
Win32/Viking.LU~clean
Win32/Viking.CA~clean
Win32/Viking.NAB~clean
Win32/Viking.BN~clean
Win32/Viking.CN~clean
Win32/Fujacks.U~clean
Win32/Fujacks.V~clean
Win32/Fujacks.W~clean
Win32/Fujacks.X~clean
Win32/Fujacks.Y~clean
Win32/Fujacks.Z~clean
Win32/Viking.AS~clean
Win32/Viking.J~clean
Win32/Werle.B~clean
Win32/Fujacks.R~clean
Win32/Fujacks.S~clean
Win32/Fujacks.T~clean
Win32/Fujacks.AB~clean
Win32/Fujacks.AD~clean
Win32/Selfish.A~clean
Win32/Selfish.B~clean
Win32/Selfish.C~clean
Win32/Span.A~clean
Win32/Mkar.E~clean
Win32/Fujacks.BI~clean
Win32/Selfish.D~clean
Win32/Selfish.F~clean
Win32/Fujacks.BL~clean
Win32/Fujacks.BK~clean
Win32/HLLW.Karimex.A~clean
Win32/Selfish.G~clean
Win32/Viking.AT~clean
Win32/Fujacks.BO~clean
Win32/AutoRun.NAR~clean
Win32/Delf.NAW~clean
Win32/Asim.B~clean
Win32/Viking.NAG~clean
Win32/Viking.CQ~clean
Win32/Viking.BK~clean
@Worm.Win32/Agent.NIB~clean
Win32/Viking.AG~clean
Win32/Viking.AI~clean
Win32/Delf.NBC~clean
Win32/ESET_Cleaning_Testfile~clean
Win32/Agent.NBE~clean
Win32/Proleeg.A~clean
@Worm.Win32/Bergize.A~clean
@Worm.Win32/PassMa.D~clean
Win32/Viking.BW~clean
Win32/Viking.N~clean
Win32/Viking.NAH~clean
Win32/Vokzuv.A~clean
Win32/Memery.A~clean
Win32/Delf.NBP~clean
Win32/Span.AA~clean
Win32/MewsSpy.A~clean
Win32/MewsSpy.B~clean
Win32/Viking.BS~clean
Win32/MewsSpy.AB~clean
Win32/MewsSpy.AL~clean
Win32/MewsSpy.AE~clean
Win32/MewsSpy.X~clean
Win32/Protector.A~clean
Win32/Protector.B~clean
Win32/Protector.E~clean
Win32/Protector.G~clean
Win32/Protector.K~clean
Win32/Protector.I~clean
Win32/Protector.L~clean
Win32/Quervar.A~clean
Win32/Quervar.B~clean
Win32/Quervar.C~clean
Win32/Quervar.D~clean
Win32/Ramnit.A~clean
Win32/Ramnit.B~clean
Win32/Ramnit.C~clean
Win32/Ramnit.E~clean
Win32/Ramnit.H~clean
Win32/Ramnit.R~clean
Win32/Ramnit.AN~clean
Win32/Ramnit.CG~clean
@Worm.Win32/SaiBo.A~clean
Win32/Sality.T~clean
Win32/Sality.NAS~clean
Win32/Sality.NAS~clean2
Win32/Sality.AE~clean
Win32/Sality.AF~clean
Win32/Sality.NAM~clean
Win32/Sality.O~clean
Win32/Sality.NAJ~clean
Win32/Sality.M~clean
Win32/Sality.NAE~clean
Win32/Sality.NAK~clean
Win32/Sality.NAC~clean
Win32/Sality.NAU~ahclean
Win32/Sality.NAO~ahclean1
Win32/Sality.NAO~ahclean2
Win32/Sality.NAR~ahclean1
Win32/Sality.NAU.dam~clean1
Win32/Sality.NAU.dam~clean2
Win32/Sality.NAU.dam~clean3
Win32/Sality.NAU.dam~clean4
Win32/Sality.NAU~hackclean1
Win32/Sality.NAO.dam~clean1
Win32/Sality.NAU~hackclean2
Win32/Sality.NAS~hackclean1
Win32/Sality.NAU~hackclean3
Win32/Sality.NAO~clean1
Win32/Sality.NAO~clean2
Win32/Sality.NAR~clean1
Win32/Sality.NAR~clean2
Win32/Sality.NAQ~clean
Win32/Sality.NAT~clean
Win32/Sality.NDR~clean
Win32/Sality.NBA~clean
Win32/Satir.994~clean
Win32/Selfish.E~clean
Win32/Slugin.A~clean
Win32/Small.A~clean
@Patched.Win32/TrojanDownloader.Small.OUC~clean
@Patched.Win32/TrojanDownloader.Small.OVL~clean
@Patched.Win32/TrojanDownloader.Small.PAC~clean
Win32/Spaces.1445.A
Win32/Spaces.1445.B
@Patched.Win32/SuspLibLoad.A~clean
@Patched.Win32/SuspLibLoad.B~clean
Win32/Tenga.gen~clean
Win95/Tenrobot.A
Win95/Tenrobot.B
Win95/Tenrobot.C
Win95/Tenrobot.C1
Win95/Tenrobot.C2
Win32/Trania.A
Win32/Tref.A~clean
Win32/Vampiro.7018.A
Win32/Vasor.17400~clean
Win32/Virut.NBP~fakeclean1
Win32/Virut.BA~clean
Win32/Virut.Q~clean1
Win32/Virut.Q~clean2
Win32/Virut.O~clean
Win32/Virut.E~clean
Win32/Virut.BC~clean
Win32/Virut.4960~clean
Win32/Virut.5127~clean
Win32/Virut.AC~clean
Win32/Virut.AH~clean
Win32/Virut.X~clean
Win32/Virut.AO~clean
Win32/Virut.AF~clean
Win32/Virut.AK~clean
Win32/Virut.AQ~clean
Win32/Virut.T~clean
Win32/Virut.AW~clean
Win32/Virut.AT~clean
Win32/Virut.AS~clean
Win32/Virut.AD~clean
Win32/Virut.AV~clean
Win32/Virut.AP~clean
Win32/Virut.AZ~clean
Win32/Virut.NAT~clean
Win32/Virut.BL~clean
Win32/Virut.NBB~clean
Win32/Virut.NBC~clean
Win32/Virut.NBD~clean
Win32/Virut.NBE~clean
Win32/Virut.S~clean
Win32/Virut.NBF~clean
Win32/Virut.BT~clean
Win32/Virut.NBH~clean
Win32/Virut.NBI~clean
Win32/Virut.CD~clean
Win32/Virut.F~clean
Win32/Virut.AI~clean
Win32/Virut.NBP.dam~clean1
Win32/Virut.NBP.dam~clean2
Win32/Virut.NBP~clean
Win32/Virut.NAL~clean
Win32/Wapomi.A~clean
Win32/Wapomi.A~clean2
Win32/Wapomi.O~clean
Win32/Wapomi.AE~clean
Win32/Wapomi.AE~clean2
Win32/Wapomi.AE~clean3
Win32/Wapomi.AE~clean4
Win95/Weird.10240
Win95/Whog.878.B
Win32/Wigon.A~winlogon
Win32/Xorala.A
Win32/Yama.A~clean
Y{8Z[61i~
!This program cannot be run in DOS mode.
This file was cleaned by NOD32.
@Backdoor.Win32/Agent.OKR~alg
@Worm.Win32/AimVen.A
Win32/Akannuna.A
Win32/Aldebaran
Win32/Aliser.7825.damaged
@Worm.Win32/Allaple.Gen
Win32/Antar
@Trojan.Win32/Packed.Armadillo.AAA
@Trojan.Win32/Packed.Armadillo.AAC
@Trojan.Win32/Packed.Armadillo.AAD
@Trojan.Win32/Packed.Armadillo.AAE
@Trojan.Win32/Packed.Armadillo.AAF
@Trojan.Win32/Packed.Armadillo.AAG
@Trojan.Win32/Packed.Armadillo.AAH
#R.Armadillo
@Patched.Win32/Rootkit.Avatar.D
Win32/Bacalid
ExitProcess
kernel32
Win32/Bagif.A
Win32/Bagif.B
Win32/Bagif.C
Win95/Begemot
Win95/Bistro
Win95/Bistro.B
Win32/Blakan
Win32/Bolzano.3904
Win32/Bolzano.5396.A
Win32/Bolzano.5396.B
Win32/Bolzano.5572
Win32/Bolzano
@Trojan.Win32/Kryptik.BAK.gen~alg
@Worm.Win32/Bugbear.B.damaged
@Trojan.Win32/Certik.
~exp%Experimental
Win32/Chiton.D
Win32/Chiton.S
@Worm.Win32/AutoRun.FXT.Gen
_hypot
_isctype
_ultoa
_CIsinh
_CIcosh
_CItanh
_CIacos
_CIasin
_CIatan
_CIpow
_CIfmod
@Worm.Win32/Conficker.Gen~alg
Win32/Crypto
Win32/Denit.A
Win32/Detnat.NA
Win32/Detnat.NB1
Win32/Detnat.NB
Win32/Detnat.NC
Win32/Devir
Win32/Driller
#S.Enigma:mode=all
@Trojan.Win32/Packed.Enigma.AAA
@Trojan.Win32/Packed.Enigma.AAB
@Trojan.Win32/Packed.Enigma.AAC
@Trojan.Win32/Packed.Enigma.AAD
@Trojan.Win32/Packed.Enigma.AAE
@Trojan.Win32/Packed.Enigma.AAF
@Trojan.Win32/Packed.Enigma.AAG
@Trojan.Win32/Packed.Enigma.AAH
@Trojan.Win32/Packed.Enigma.AAI
Win32/Etap
GetProcAddress
Win32/Evol
XLSXPPTX
@Trojan.Win32/Danger.DoubleExtension.<dp w="1"/>
@Trojan.Win32/Doubex.B.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/Doubex.A.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/Danger.TrickExtension.<dp w="1"/>
@Trojan.Win32/Mailexer.C.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/Suspex.
.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/VBRes.A%Experimental
Win32/Gobi.Gen
Win32/Goblin.A.Gen
Win32/Goblin.D.Gen
Win32/Goblin.E.Gen
Win32/Goblin.B.Gen
Win32/Goblin.C.Gen
@Worm.Win32/Hakaglan.B~alg
Win32/Harrier
Win32/HIV.Gen
@Worm.Win32/Hybris
@Worm.Win32/Hybris.encr
Win32/Idele.2160
Win32/Idele.{2076,2108}
Win32/Idele.1876
Win32/Idele.1839
Win32/Idele.1780
Win32/Idele.gen
Win32/Induc~alg
Win32/Induc.C~alg
#S.INSTALLMATE
Win95/Invir
Win32/Jolla
Win32/Junkcomp.A
@ApplicUnwnt.Win32/Packed.Crpak.Gen
@Worm.Win32/Klez
Win32/KME
@Trojan.Win32/Kryptik.BHG~alg
@Trojan.Win32/Kryptik.EBI~alg
@Trojan.Win32/Kryptik.EJX~alg
Win32/Lafee.C~clean
Win32/Lafee.D~clean
Win32/Lafee.Gen~alg
Win32/LDE.C
Win32/LDE.D
Win32/Dislex
Win32/Magistr
Win32/Mimail.S.drp
@Worm.Win32/Mytob.SX
@Worm.Win32/Nuwar.Gen~alg
@Worm.Win32/Nuwar
@Trojan.Win32/TrojanDownloader.Small.AWA
@Trojan.Win32/SpamTool.Small
@Trojan.Win32/TrojanDownloader.Small.AVT
@Trojan.Win32/Obfuscated.A1
msvcrt.dll
Win32/Olmarik.LT
@Patched.Win32/Olmarik.UA~alg
@Trojan.Win32/Olmasco.Gen~alg
Win32/Orez
Win32/Pacex.Gen~alg
@Patched.Win32/Patched.EC
rpcss.dll
@Patched.Win64/Patched.H~alg
@Patched.Win32/Patched.IB~alg
AppInit_DLLs
#R.POLYMOLEBOX
Win32/Puron
Win32/Resur.D
Win32/Sality~alg
Win32/Sality.NBA.dam
@Trojan.Win32/SandyEva.H~alg
@Trojan.Win32/PSW.Sinowal.Gen
Win95/SK
skype_*_image.exe
skype_*_foto.exe
xxx_video*
video_xxx.*
bestxx_avi.exe
msconfig.dat
msconfig.ini
wpbtD.dll
wpbtD.exe
msdcsc.exe
bbbS*.exe
dhlS*.exe
upcS*.exe
upsS*.exe
uspsS*.exe
invoiceS*.exe
paymentS*.exe
fedexS*.exe
packageS*.exe
receiptS*.exe
cccccc.exe
skype.dat
crtmon32i.exe
drwt32.exe
drwts32k.exe
iexplores.exe
igfxpervs.exe
igfxtrayms.exe
javaln.exe
lgfxtray.exe
ms32trayx.exe
mscvrt.tmp
outlookms32i.exe
rtkn32gdi.exe
sncbhost32.exe
spoolwlx.exe
svceset.exe
svclogon.exe
svcnosts.exe
tr_29670.exe
ui32s.exe
vscrtm.tmp
crypt*.exe
inject*
stub.exe
*-fb.exe
*-facebook.exe
~6rld.tmp
hellodll.*
pics_*_jpeg.exe
altshell.dat
viewdrive.exe
movie1080p.mkv.exe
newbosD.exe
nothingD.exe
cornelD.exe
dexterD.exe
rastaDD.exe
traffDD.exe
angrimD.exe
useridD.exe
mongoDD.exe
safproD.exe
ballsDD.exe
b0berDD.exe
keybexD.exe
teentube*.exe
adobeflashplayerv1*.exe
ff-update.exe
video_hd.exe
video.hd_*.exe
hd_gallery.exe
hd.gallery_*.exe
video_720p.exe
msseedir.dll
update_flash_player.exe
update_flash_playerD.exe
updateflashplayer.exe
soft44.exe
softD.exe
softDD.exe
finsys.exe
codfullhdxavi.exe
lcrm.exe
swift *.exe
skc.exe
pkc.exe
dlimageD.*
hellopuppy.*
doc_DDDDDDDD.exe
case_DDDDDDDD.exe
label_DDDDDDDD.exe
incident_DDDDDDDD.exe
ref_DDDDDDDD.exe
fax_DDDDDDDD_*.exe
tax_DDDDDDDD.exe
scan_DDD_DDDDDDDD*.exe
securemessage.exe
identityform.exe
issue_report_DDDDDDDD.exe
order_*.exe
purchase_*.exe
rechnung_*.exe
forderung_*.exe
parcel-*.exe
ecard_*.exe
sparkasse_*.exe
informationen_*.exe
smlouva*.exe
notice*.exe
e-zpass*.exe
report_id_*.exe
DD.DD.DDDD.DDDDD*.exe
copy_*.exe
dluh*.exe
faktura*.exe
ucet*.exe
pachetto*.exe
eset.exe
upeksvr.exe
Dsysconf.exe
msunet.exe
wifi-cfg.exe
Dskkkkkk*.exe
googleupdateservice.exe
googleupdatesvc.exe
googlechromeupdate.exe
wcrash.exe
heap.exe
D[D].exe
verison.dll
boleto*.cpl
comprovante*.cpl
nfeS*.cpl
nfSeS*.cpl
extratoS*.cpl
notaS*.cpl
intimacao*.cpl
acupxDDD.dll
rad*.tmp.exe
productSsample*.exe
productSsample*.scr
boletoS*.cpl
setmgrcD.cfg
nvupdate.exe
intelrapidstart.exe
intelrs.exe
uq2.exe
rcs-setup-*.exe
naked.exe
passwords.exe
password.exe
porn.exe
sexy.exe
apucpu.exe
syshost.exe
HHHH_HHHHHHHH_HHHHHHHH
photo.exe
photos.exe
lcl_*protect.exe
???_securebrowsing.exe
rmt_*userdata.exe
rastls.dll
mcutil.dll
msi.dll
ashldres.dll
splash_screen.dll
emprxres.dll
formdll.dll
oinfo11.ocx
ushata.dll
choiceguard.dll
sbiedll.dll
aclui.dll
pdh.dll
d3dx81ab.dll
hccutils.dll
fspmapi.dll
blackbox.dll
chrome_install_*.exe
adobe_flash_player_*.exe
flash_player_*.exe
ntrass.exe
ntuser.dat:*
sysinfo_D*.dll
prx_D*.dll
pwdump_D*.dll
usercache.*
googlecrashreport.*
firstupdate.exe
wsxupdate.exe
*_pdf.exe
srssvc.exe
wusvcd.exe
*.tmp_dwn
runrun.exe
api-ms-win-samcli-dnsapi-0-0-0.dll
fsflt.sys
msupdatexDD.exe
dnscliD.dll
apivscd.dll
scrcfg.exe
winuproll.exe
serviceinstallxDD.dll
install_com_xDD_*.dll
msdtckrn.dll
mfxscom.dll
messi.leonel
mciavilDD.dll
skype_sup*.exe
rpcad.dll
mmservice.dll
carta_certificada*
pacchetto*
adres_*.exe
info_*.exe
bin.exe
cr_mssD.exe
adohlp10.tlb
oledb32s.tlb
aidainitDD.exe
aidaDD_srv.dat
aidaDD_inst.dat
bdcl_??_??.exe
getsbdh*.exe
sbdh*.exe
ms-DDDDDDDD.exe
kernel32wx.dll
pn_pack1.exe
and1.exe
lmpack1.exe
*.exe:ads
test_nod_D*.exe
test_nod_D*.dll
nod_D*.dll
xscorpy*.exe
lxsc_*.exe
spcommon.nls
unicodeapi.nls
unicodeapi32.nls
unicodeapiutil.nls
powcpl.nls
powcpl.txt
gbp.txt
gpb64.txt
resc.txt
resc64.txt
wow64fixup.txt
cert_vDD_0.tpl*
cert_vDDD_0.tpl*
cert_vDDDD_0.tpl*
cert_vDDDDD_0.tpl*
lanmansrv.dll
msdtchlp.exe
libzss_plugin.dll
msbuildtaskhost.exe
monodevelop.projects.formats.msbuild.exe
msbuild.ni.exe
*msbuild.exe
msbuild*.exe
mcafeewin.exe
commonfiles*.exe
a29d2bc9.exe
corlbd.dat
hhbercsdle.dat
hhcsdl.dat
hheng.dat
hhengl.dat
icuhc32.dll
icuhc64.dll
icuxc32.dll
icuxc64.dll
msimgseip.dat
publishedracmonswihash2.dat
publishedracmonxlrhash.dat
rsopcache2.dat
userlog.dat
wddrive.exe
cvvc.exe
fbmody.exe
lesbian*porn.exe
hlpuctf.dll
atiml.dll
ierdir.dat
hmuid.dll
snm.dll
swma.dll
miron.dll
scrsh.dll
iomus.dll
DD.DD.DDDD_DD.DD.DD.*.ori
lgs.dll
inl.exe
lid.dll
smdhostn.dll
dpimon.dll
usg.dll
ammyysvc.exe
ammyyservice.exe
dropbear.exe
vba_macro.exe
vba_test.exe
xpsgdi.dll
wudhostsrv.exe
olesvr.dll
diskcomp32.dll
clientdaemon.exe
fwscr32.dll
fwvip32.dll
kbext1.dll
ssmss.exe
copydate.exe
mskdbe.dll
urstb.dll
kmdor.dll
wsinterop.dll
jlxDD.exe
dxdiag32.dll
mssapi.dll
-733517798-279831577.exe
bewerbungsmappe*.exe
windowsupdate.exe
flogo.png
DD.DD.20DD*.com
mkfieldsec.dll
msximl.dll
msimghlp.dll
wkstrend.xml
xmlrts.png
zcerterror.png
encodebase.inf
dsntype.gif
plainpwd*.exe
mimikatz*.exe
mimicatz*.exe
spoolsv*.dll
shprnDD.dll
dpnvmrs.dll
hpDmlnv.dll
csrssdll*.dll
satacontroller
helper32.dll
bkcore.exe
*:helper32.dll
*:helper.exe
*:bkcore.exe
svchost.exe
lsass.exe
csrss.exe
winlogon.exe
explorer.exe
smss.exe
kernel32.dll
@Trojan.Win32/SkyTrust.??.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/SkyAgent.??.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/SkyAgent.AAB.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/Danger.LongSpace.<dp w="1"/>
@Trojan.Win32/SkyAgent.AAC.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/TrojanProxy.Lager
@Trojan.Win32/Spy.Agent.Gen
SECTIONS
Win32/Stepan
@Patched.Win32/SuspLibLoad.C%Experimental
@Trojan.Win32/Taggant.A
Win32/Invictus-based
Win32/Tolone
Win32/Tvido.C
termsrv.dll
@Patched.Win32/Spy.Ursnif.A
Win32/Vampiro.unknown
Win32/Virut.NBU
@Trojan.Win32/Packed.VMProtect.AAA
@Trojan.Win32/Packed.VMProtect.AAB.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAC.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAD
@Trojan.Win32/Packed.VMProtect.AAE.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAF.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAG.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAH
@Trojan.Win32/Packed.VMProtect.AAI.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAJ.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAK.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAL.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAM
@Trojan.Win32/Packed.VMProtect.AAN
@Trojan.Win32/Packed.VMProtect.AAO.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAP.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAQ.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAR.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAS.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAT.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAU.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAV.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAW.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAX.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAY.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.AAZ.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABA.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABB.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABC.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABD
@Trojan.Win32/Packed.VMProtect.ABE.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABF.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABG.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABH.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABI.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABJ.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABK.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABL.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABM.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABN.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABO
@Trojan.Win32/Packed.VMProtect.ABP.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABQ.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABR
@Trojan.Win32/Packed.VMProtect.ABS.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABT.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABU
@Trojan.Win32/Packed.VMProtect.ABV.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABW.<ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABX.<dp p="0"/><ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ABY.<dp p="0"/>
@Trojan.Win32/Packed.VMProtect.ABZ.<dp p="0"/><ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ACA.<dp p="0"/><ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ACB.<dp p="0"/><ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ACC.<dp p="0"/><ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ACD.<dp p="0"/><ch p="100"/>
@Trojan.Win32/Packed.VMProtect.ACE
Win32/Vulcano
@Backdoor.Win32/Yodup-based
@Backdoor.Win32/Wonk.gen
Win32/Zezal
Win32/ZMist
Win32/ZMist.hooy
Win95/ZMorph.Bistro
Win95/ZPerm.A
Win95/ZPerm.B
Win32/Bakaver
@ApplicUnwnt.Win32/InstallCore.Gen.A~alg
$L+%,(,
+ICktL6D_M
i2r0ln31m
Virus WeeD 2.0 Made in Belarus! 
0123456789ABCDEF
e\f;OP
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
@Trojan.Win32/Exploit.CVE-2013-1331
Execute
Command
RunDll32.exe
2.-0Gu!zR)V`[Bq8j^3/I=&\XIb:A}54)e269[ \v|VrzsC
f8kN9cEp3kE+bhhYqQxOf^	v}b1JDdm#TquC
BwE'J,Ha*r]tu"'1K77oDMNyR;Y"L/TPojg&G*rd}j-t9 T{
+?.-8L,w]0g~nSlkGof4y5xt%]C!0&d#vMZ%R[$cl+?H({U#xpA)i4(.	sL*Y!D3$?
NwmP;U	USVi|sa:5c_aPeKgFXQX;I1WOi"FlmhZM|H%6'(p\Fn=Jz$2/yA_7=K`_ZQO, BW6e
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AccConnAdvanced.html
INF/Autorun.SZ~nocd
@Trojan.RAR/Rapass.A%Experimental
<SCRIPTLANGUAGE=
"VBSCRIPT">
"JAVASCRIPT">
JAVASCRIPT>
<!DOCTYP
//VIRUS
//PRETEX
X5O!P%@A
;;;;;;;;
;<AUT2EX
;<COMPIL
;<NSIS S
;ANNEX
[AUTORUN
[ALIASES
%BOTCHAN
#COPYRIG
/CHANGEN
(DEFUN
DECLARE
HELLO!
REPORT 
REGEDIT
SET FS
'GEDZAC
;HELFIR
<HEAD>
;INFRARE
BINDINTERFAC
FILESIZE
WINDOWS REGISTRY
[INTERNE
GLOBAL$
GLOBAL CONST$
[LEVELS]
IMG{BEHA
ON 700
ON ERROR
ON 20:
;OPCIONES AV
DOCUMENT.WRI
BPLIST
OPTION
PRIVATE
#SEEN ON
(SETVAR
/SCRIPTS
<SCRIPT
USE IO::
[SCRIPT]
[SETTING
<TITLE>
[TEXT]
FUNCTION
[USERS]
[VARIABLES]
[VERSION
[WINDOWS
EXECUTE
EXESTRING=
MZ_EXE_F
XFORMS.dat
SCRIPT
acad.mnl
@Trojan.RAR/Recmt.A%Experimental
//PascalScript file
//Decompiled by ESET Archive Module
; 7ZipSfx configuration file, extracted by ESET Archives Module
Decompiled by ESET Archives Module
Raw content of entire Tin file
Decompiled by ESET Archives Module
Decompiled action sequences
//Gentee file
//Disassembled by ESET Archive Module
@Trojan.BAT/Bomber.A%Experimental
autorun.inf
script.nsi
$PHPSOULENGINE_INC.PHP
$_EVENTS.php
_event_
; <AUT2EXE (Decompiled by ESET)>
; <NSIS script (Decompiled by ESET)>
REGEDIT4
WINDOWSREGISTRYEDITOR
<XSL:SCRIPT
<?QUICKTIME
<!DOCTYPE HTML
<!DOCTYPE PLIST
<RELATIONSHIPS
JavaScript
ActnS/LFM.A
@Trojan.SWF/TrojanDownloader.Agent
@Trojan.SWF/Exploit.CVE-2007-0071
FSComman
continue
debugger
default
delete
finally
function
instanceof
return
switch
typeof
@Worm.Win32/Chir.A
@Application.Win32/Adware.Virtumonde.NEO~datafile
@Trojan.Win32/PSW.OnLineGames.FKR.Gen
@Trojan.Win32/Pexor.C.<ch sx="Experimental"/>
@Trojan.Win32/Pexor.B%Experimental
@Trojan.Win32/Cushim.A%Experimental
@Trojan.Win32/Cushim.B%Experimental
@Worm.Win32/Bagle.gen.zip
@Worm.Win32/Bagle.gen.rar
M35J0``,````$
X?N@X`M`G-(;@!3,TA5&AI<R!P<F]G<F%M
MB/-S:8CS<VF(&FQDB/)S:8A2:6-H\W-IB%!%``!
@Worm.Win32/VB.NEI
@Trojan.JS/Danger.ScriptAttachment.<dp w="1"/>
@Trojan.JS/Collector.E.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Win32/Exploit.MS04-028
@Trojan.Win32/Exploit.WMF
@Trojan.Win32/TrojanDownloader.Ani.Gen
@Trojan.Win32/Exploit.MS04-032
ABCXYZ11
!DMALOCK
!DMALOCK3.0
!DMALOCK4.0
999999
bcbdbe2
n1n1n1
@Trojan.Win32/Filecoder.Locky~data
@Trojan.JS/Filecoder.RAA~data
@Trojan.Win32/Filecoder.NDT~data
@Trojan.Win32/Filecoder.Crysis~data
@Trojan.Win32/Filecoder.CryptProjectXXX~data
@Trojan.Win32/Filecoder.Enigma~data
@Trojan.Win32/Filecoder.DMALocker~data
@Trojan.Win32/Filecoder.UnblockUpc~data
@Trojan.Win32/Filecoder.Ishtar~data
@Trojan.Win32/Filecoder.NIJ~data
@Trojan.Win32/KillDisk~data
@Trojan.Win32/Filecoder.NLI~data
DoN0t0uch7h!$CrYpteDfilE
{CRYPTENDBLACKDC}
{ENCRYPTENDED}
LOGIC_ID=1
U2FsdGVkX1
winntd.dat
wincache.dat
ieapflrt.dat
nlang.dat
@Trojan.Win32/Blenercon.A%Experimental
:mssys32
@Trojan.Win32/Lamase.A%Experimental
hhlvt.dat
@Trojan.Win32/Iraha.A%Experimental
sound32.dat
@Trojan.Win32/Isrcfg.A%Experimental
huffman.inf
@Trojan.Win32/Turco.A%Experimental
mscomcrt.srg
mscomctrq.srg
msscripi.cnt
@Trojan.Win32/Unicol.AA%Experimental
msconfig.dll
msoert32.dll
msxml10r.dll
rdpcfg.dll
@Trojan.Win32/Unicol.AB%Experimental
adexmp.bin
activexinfo.bin
@Trojan.Win32/Unicol.AC%Experimental
rbcon.ini
77n.ini
mwfxcore187702n.ini
krman.ini
@Trojan.Win32/Unicol.AD%Experimental
icloudsyncd
authd_service
@Trojan.OSX/Closyn.A%Experimental
cnbk3.dat
@Trojan.Win32/Unicol.AE%Experimental
rgi236a.log
@Trojan.Win32/Unicol.AF%Experimental
ras.cache
@Trojan.Win32/Unicol.AG%Experimental
crypt.dll.bin
@Trojan.Win32/Unicol.AH%Experimental
rasphone.pck
rasphone.pdk
crdphone.pdk
@Trojan.Win32/Unicol.AI%Experimental
{0000????-????-0000-????-0000????0000}.dat
@Trojan.Win32/Palecon.A
Experimental
@Trojan.Win32/Palecon.B
@Trojan.Win32/Rehalo.A%Experimental
@Trojan.Win32/Adia.A%Experimental
@Trojan.Win32/Adia.B%Experimental
pp_form.html
@Trojan.HTML/SkyAgent.AA%Experimental
@Trojan.JS/Encoded.A%Experimental
@Trojan.VBS/Encoded.A%Experimental
email.
resume
winner_
readme_
letter.
accent.
details_
invoice_
rechnung_
post_ship
important_
post_track
post_parcel
statistics_
@Trojan.JS/SkyAgent.AA%Experimental
@Trojan.JS/Danger.DoubleExtension.<dp w="1"/>
@Trojan.VBS/Danger.DoubleExtension.<dp w="1"/>
@Trojan.Java/Doubex.A%Experimental
@Trojan.PowerShell/Doubex.A.<dp p="0" w="1"/><ch sx="Experimental"/>
@Trojan.Prepafix.??%Experimental
@Trojan.Win32/Kadir.A.<ch sx="Experimental"/>
@Trojan.Win32/MetaHeuristic.
.<dp w="1"/>
tcpip.sys
wininet.dll
sfc.dll
sfc_os.dll
sfcfiles.dll
ndis.sys
ntoskrnl.exe
ntdll.dll
user32.dll
powrprof.dll
ws2help.dll
advapi32.dll
imm32.dll
mmc.exe
services.exe
wuauserv.dll
sens.dll
actxprxy.dll
smlogsvc.exe
ws2_32.dll
userinit.exe
ipsec.sys
@Trojan.
@Worm.
@Backdoor.
Win32/
Win95/
@Trojan.Generik
@ApplicUnwnt.Generik
<dp p="0"/>
<ch sx="Generik
@Trojan.Win32/Exploit.CVE-2010-3970.A
@Trojan.Android/Obfus.C%Experimental
@Trojan.Win32/Exploit.CVE-2012-0003.A
@Trojan.PDF/CVE-2010-2883
@Trojan.PDF/CVE-2010-2862
@Trojan.Win32/Exploit.CVE-2012-0159.A
@Trojan.SWF/Exploit.CVE-2012-1535.B
@Trojan.Win32/Exploit.CVE-2012-2897.A
@Trojan.Win32/Exploit.CVE-2012-4786.A
@Trojan.Win32/Exploit.CVE-2015-2426.A
@Trojan.Win32/Exploit.CVE-2011-3402
Length
Filter
DecodeParms
stream
FlateDecode
ASCIIHexDecode
ASCII85Decode
RunLengthDecode
LZWDecode
CCITTFaxDecode
JBIG2Decode
DCTDecode
JPXDecode
startxref
Encrypt
trailer
OpenAction
AcroForm
Standard
EncryptMetadata
@Trojan.PDF/Exploit.Pidief.PHR
Resources
FontDescriptor
FontFile2
Annots
Predictor
Colors
BitsPerComponent
Columns
@Trojan.PDF/CVE-2010-0188
@Trojan.Win32/Exploit.CVE-2013-3906.A~alg
?456789:;<=
 !"#$%&'()*+,-./0123
$4,8-9'66.:$?#1*HhXpAeS~ZrNlS
Ebl\tHeQ
F~FbTwKiZ
4,8$9'6-.:$6#1*?hXpHeS~ArNlZ
EbS\tHlQ
FeFbT~KiZw
,8$4'6-9:$6.1*?#XpHhS~AeNlZrEbS
FeQbT~FiZwK
8$4,6-9'$6.:*?#1pHhX~AeSlZrNbS
EHl\tFeQ
T~FbZwKi
PQAeS~
~4[C)v
[.:$6g
j_FbT~
h4,8$@_
2\tHlWB
[T:$6.
Qkkbal
P%@Fpg`
ftGd$T
uJTZ7j
n6~UNt^
em002_32.dll
module_init_entry
em002_32.pdb
\]VWef_`nnKIH
MS-DOS     (
BAT        
SYSTEM     
VC         
CONFIG  EMM 
BORLANDC   
NU         
QEMM       
SWAP       
PACK       
CON     
CLOCK$  
M1973   EXE
NUL     
worthless block
COMSPEC=C:\DOS\COMMAND.COM
PATH=C:\DOS;C:\NC
windir=C:\WINDOWS
C:\E1234.567
           
           
????????COM
M1973.COM
M1973   COM
????????EXE
M1973.EXE
M1973   EXE
SYSTEM.INI
M1973   COM 
M1973   EXE 
C:\E1234.SYS 
f=MOC.
f=MOC.
ton   FA
8:<>@BDF
HERIFF V
NO NAME 
NO BOOTC
|8N$}$
FAT16   
Kleissne
Kleissne
LCAM FAT
99931228
EnTeR c0
 c0d3: 
ERROR]
uccess!$
PASSWORD
AVE SATA
1337 3v1
Nu11ers3
password
Removed!
Removed!
fuck you
m virus!
PassWord
CONFLICT
EncryptO
E HACKIN
C infect
e Cypher
 F**KED 
Shimmer
TM0L0S0
ATM0L0S
ssword: 
Password
Password
Password
:MZt	H
FenceC
APPNAME
MZ AVG U
rage Gro
as2_ADN.
,63,40,1
BeAnywhe
TO&HUG0
X-SX54r
ExeURL
copy SE
OPERAT
%76%61
62%6a%
teVideo
.idata
xploit
americ
FICE~1.E
Dcrypt
DcryptD
dcryptd
aw/?deci
ysbweb.
der.info
hotgsu
baidu.co
hallce
shell\op
http://
S (this.
S (this.
60.12.11
itaupers
#4f#70#6
#6fp#65n
yu.run "
<ifram
e("%3c%
qndy`mh
x.soso.
CAY, F
minix.s
dh.reg
Kick  
m7.exe"
\cmd.exe
\cmd.exe
\cmd.exe
\cmd.exe
\Icon33
.\RECY
enAction
nAction 
des.jar
odnokl
mauujx.e
juvofx.e
F.U.C.
g.info/d
/91.188
.vbs "
ript 5 0
cho B="m
ho B="m.
63/H [ 7
ox [ 0 0
ays. Mea
rnet-ant
es.EXE
JS 7 0 R
ayerrewa
ipt/JS 7
pt/JS 7 
gth 986
4d5a9000
Type/Emb
e da Maq
mputador
his prog
R>> /XOb
2] /Cont
ect [25 
ter [/AS
ript/JS 
pe/Embed
0 R>> /X
!This 
pe/Embed
kxxy~*lo
ImageB
!This 
7 0 R>>
.ggg;m4=
c:\sha
!This 
Date\(\)
/every
mCharCo)
e Inject
nts 10 0
omChar
rCode[
rCode[
rCode[
rCode[
pe/ObjSt
geC /Ima
Stm>>str
/plko 
<iframe
.banco
Run ".\
xe /cock
[AutoR
ript 24 
ript 24 
net Anti
rnet Ant
net Anti
nit.exe,
s\etc\
ce<</CS0
[autor
ces 8 0 
ID[<5F16
 |fafafa
ipt/JS 2
0]/3DD 4
 /Kids 
 /Kids 
ds [1 0 
com.br
2 0 R/Ro
677e32d8
c9fd9cad
 5;693e4
 0 R] /T
53436F6D
73745669
6D63746C
3746C4C6
0 R] /Ty
/Kids [1
/Kids [1
/Kids [1
4DF>]/In
69737456
pwazfzo
3\x72\x6
\svchost
ffbd3394
ishnnaya
Your ide
crimeuni
s\etc\h
RSA1024.
stat/tuk
stat/tuk
stat/tuk
stat/tuk
stat/tuk
stat/tuk
stat/tuk
/stat/
/stat/
/stat/
/stat/
/stat/
/stat/
/stat/
/stat/
RSA1024.
112.90.2
\drive
ers\etc\
ers\etc
D0CF11E0
D0CF11E0
D0CF11E0
tazebama
vers\et
vers\et
_zhaloby
rs\etc\
rs\etc\
/xblbl
ers\et
118E64B8
C1FB84D8
dcjKz85m
0A1B11AE
D0CF11E0
D0CF11E0
D0CF11E0
rs\etc\
rs\etc\
rs\etc\h
rs\etc\
rs\etc\
rs\etc\
rs\etc\
"Praet
0x7dd8
d0cf11e0
d0cf11e0
If you a
If you a
If you a
If you a
Your ide
Your ide
Your fil
s virus!
crypted.
(.doc,.x
.doc,.xl
\driver
gemmoroi
http://
http://
http://
If you'r
loby.doc
http://
PYIIIIII
loby.doc
http://
I'm sorr
KOV.Op
http://
NEHOCH
http://
http://
http://
stemroot
ReadLine
.XMLHTTP
http://
http://
http://
http://
http://
http://
http://
If you'r
All your
http://
http://
http://
odnoklas
http://
http://
http://
form.scr
INFO.scr
ss.exe
All file
Your fil
eval(bas
%%b in
%%b in
arava3v.
shell_ex
Attentio
Attentio
ws2_32
DiskCryp
encrypte
BitCrypt
<KL Auto
DiskCryp
All fi
All file
ALL YOUR
encrypte
aUtOrUn
CRYPTORB
sralki/
niya.jpg
podosral
stallCor
stallCor
stallCor
stallCor
stallCor
stallCor
stallCor
filials@
http://
http://
http://
http://
RSA2048 
new_k.ex
http://
http://
niya.jpg
niya.jpg
http://
Your fil
"GPCODE"
niya.jpg
just.pay
http://
niya.jpg
:\Umbr
http://
http://
http://
RSA-1024
http://
http://
RSA-2048
@casinom
cryptfil
ht"+"tp:
niya.jpg
Your doc
RSA-1024
niya.jpg
ss.exe
13244 >>
RSA-1024
paycrypt
uncrypt@
Postanov
"miner"
+"p://"+
VIRUS CR
RSA-2048
4497.jpg
keybtc@g
RC4 algo
day.btc
day.btc
paycrypt
t"+"p://
t"+"p://
t"+"p://
t"+"p://
t"+"p://
t"+"p://
oilruorg
PAYCRYPT
 /Fl    
encrypti
http:/"+
keybtc@g
paycrypt
keybtc) 
Postanov
vRFySh)'
+"tp://"
+"tp://"
+"tp://"
Your fil
Your d
kh1hova1
All your
If you
"tp:"+"/
+"/"+"/"
"+"/"+"/
"+"/"+"/
"tp:"+"/
+"/"+"/"
"t"+"p:"
If you'r
cryptfin
perfect?
146.185.
paycrypt
href="ht
avpui.ex
encrypte
genesis)
If you a
"http://
If you'r
tp:"+"/"
uncrypte
If you a
If you'r
ENCRYPTE
eval(bas
fdA($rut
$_J0x1
A62 = Bi
62 = Bin
62 = Bin
62 = Bin
A62 = Bi
A62 = Bi
txt',@Te
Kruptos.
If you'r
Je docum
Tus docu
ers\Work
RSA1024 
Web Shel
o7=''; v
ers\Code
b=''; fu
d=''; fu
ong = "Y
If you'r
ali'; fu
Ihre Dok
xe',@Tem
"t"+"p:"
"+PLITKA
n .vault
 .vault
 .vault
 .vault
C9E4D61D
/q.r?s=j
 .vault
 .vault
 .vault
 .vault
 .vault
 .vault
+"t"+"p:
_a_-_-_
_a_-_-_
All your
knkti98r
_a_-_-_
_a_-_-
zzd5yu6b
_a_-_-_
zzd5yu6b
_a_-_-_
format
_a_-_-_
vxcbr4tx
vzsfefrg
34vd6w3
%$--_-__
%$--_-__
jX0jFnvW
_a_-_-_
_a_-_-_
%$--_-__
j.Ilxabo
msdmsKnz
%$--_-__
7833gred
rJ_13NVk
j.Ilxabo
%$--_-__
msdmsKnz
%$--_-__
%$--_-__
xpe.pvpq
xpe.pvpq
cixpe.pv
6j564554
%$--_-__
bnmsdmsK
%$--_-__
bnmsdmsK
%$--_-__
6j564554
%$--_-__
bnmsdmsK
_a_-_-_
%$--_-__
_a_-_-_
%$--_-__
hsjsewlw
bnmsdmsK
bnmsdmsK
%$--_-__
54tgvd4$
mv6oUZ84
%$--_-__
oKO571pq
kUN3_5I9
C7x6lPV1
%$--_-__
u8O9Z1qx
7dzQr_G5
65%$%3ff
bnmsdmsK
tg@556
%$--_-__
%$--_-__
23@%$987
bnmsdmsK
cixpe.pv
odcKLGFP
%$--_-__
7833gred
%$--_-__
cedfv45
23@%$987
jqcd23SX
If you a
cfe23d3v
cixpe.pv
bONfDSyb
%$--_-__
%$--_-__
%$--_-__
%$--_-__
%$--_-__
%$--_-__
%$--_-__
%$--_-__
%$--_-__
ixpe.pvp
%$--_-__
sES7hRJj
_a_-_-_
fttdyh
%%$$$764
xfhrdgbf
%%cQhWvZ
_a_-_-_
%%cQhWvZ
vouxvsri
ss	loadB
Your fil
_a_-_-_
s	loadBy
_a_-_-_-
_a_-_-_-
inerLv1
4WmW33EQ
_a_-_-_-
MSDcache
bpuefnhk
EFopq456
ainerLv1
ainerLv1
m3morfn1
cxsddwfe
_a_-_-_
ypt file
finitio
_a_-_---
Bogdan
cG93ZXJz
s]::Star
fo;$s.Fi
t"+"p"+"
t"+"p"+"
c3645c78
$1$6$7$@
length
vcxegrdf
_a_-_-_
_a_-_-_
_a_-_-_
_a_-_-_
tle>IMPO
xzceww4s
_a_-_-_
tCoinLoc
11242o13
5347c112
5347c112
36765436
vghsgefd
E-2015-0
_a_-_-_
tina4865
3485300c
?=======
_a_-_-_
Scene 1
addEven
o decryp
t(h,36)^
ytrujtyh
length
length
_a_-_-_
length
bre44trg
"http://
length
addChi
41134627
strRc4De
41134627
015-0336
17884350
tyrtdfgh
015-0336
4Dcrypt
tyrtdfgh
rFrame
pt0L0cke
ypt0L0ck
e>WA&#37
ypt0L0ck
210u8834
809210u8
94666840
46575308
ame	loa
ption RS
ggtertwr
 je de l
tDDDt033
le>&#361
oke="555
52142311
15-0336;
ggtertwr
jettikay
rentDo
rrentDo
rentDo
-1046592
19829158
67203965
NO-PASS
oke="555
ggtertwr
vcbghnrt
52142311
fsrgtfas
If you'r
LeNgTh
lEnGtH
ryptoWal
afdsrgvb
!This 
afdsrgvb
urWeXot
rtrgdxfg
bgxdfrtg
var fn 
fsrgtfas
var fn 
var fn
var fn 
var fn 
http://
fsgfsdgs
fsgfsdgs
ggtertwr
fsgfsdgs
fsgfsdgs
iexplore
yegfhsdf
What hap
CryptoWa
remove
ABJAG4Ad
015-0336
D$|-mal
exp_swf_
ploit	av
remove
015-5119
ovieClip
If you'r
142u3932
var key 
kH='fPud
ar OSBjq
nEN='fBu
xoYnd od
giuovnv 
ADVERTEN
toWall 3
== 'ttt'
ypt0L0ck
14;NEML&
files?</
o673a3d2
2015-512
35 < (a 
en irrev
del /q *
ttl">Wha
hIwDhcZg
hIwDhcZg
e>Tartar
jkahbLeC
$_J0x181
://ul.to
://ul.to
der Win3
DOS mode
DOS mode
var key 
/I /B /D
015-5122
ke="5557
key = 'k
& wget h
22cmd.ex
 RaaS.
333333
333333
--123123
What hap
Wall  20
FF;"> <!
le>Chime
ret.key2
terpol !
ey + Sec
015-5119
tr="5550
015-2419
<!----
sleep30.
r="55505
;"> <!--
(add t
;"> <!--
015-0336
xRkR9MF5
on fiduv
nction(m
str="555
str="555
str="555
str="555
str="555
str="555
str="555
str="555
str="555
70116145
tr="5551
n 'tt';}
llllllll
r="55515
'fasd'+d
F;"> <!-
"142u393
gPQQ62LH
I1lIl1
CFF;"> <
>Chimera
Chimera 
t"+"p"+"
tr="5551
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
tr="5551
tr="5551
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
tr="5551
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
r="55515
tr="5551
r="55515
r="55515
tr="5551
tr="5551
015-5119
str="555
r="55515
r="55515
r="55515
r="55515
r="55515
r RaaS.
24h to p
e BLOCKE
ga <yaga
str="555
CFF;"> <
--> <cen
_ThLw&
--> <sty
;"> <!--
What hap
 email 
X4WztZc8
=[];for(
ypted us
rrevocab
!-- ===2
[10]='\r
;while(t
;while(t
;while(t
vQjSpAsi
__MPRESS
! ALL YO
!--01010
ail yaga
FGovbOxh
o your f
> <!--32
Array();
Array();
Array();
DkJ4wGH0
nloadFil
={0:0x
-- =4325
0)'; };
ca, gene
='555C54
r g=e%c;
 DoSWF:h
babushka
ated By 
z=new Ar
!-- 7283
perated 
"ream")
contact:
YXCrznQj
4312]+
t">safa7
sainturb
olor:880
e NO CHA
l yagaba
adsmanag
hconnTW
2. After
IF YOU W
LOCKED w
 RSA-204
ote'.e()
ion', 't
ing(''H4
ing(''H4
ng(''H4s
AGE? USE
onal RSA
OXY 185.
ed to yo
='555D54
='555D54
='eval',
[Shajt!]
re prote
"?n?ine.
ion(r) {
.1.9";
 = this[
hell".sp
cript.S 
C E R B 
e(/[\u00
hell".sp
"nmentS"
 hell".s
S were e
pt.Shell
ri  %TE 
!</h1><p
=["\x72
"\x72"+"
.saveToF
YgBsAGk
x73\x61\
!!! NOS 
!!! NOS 
crypted!
mbjqex
){return
es are e
C E R B 
##  \ ##
EN LOCKE
ption Se
65\x6E"]
74\x65"]
"%TeMP%\
All impo
ryptor R
was secu
on of en
OR *****
E(SW):E=
OR *****
IGMA . 
ion.Defl
#How to 
 MISCHA 
MISCHA R
To decry
DECRYPT 
CERBER R
Hvbw71lo
 KwT20='
encrypte
Black Sh
d358yhfd
ion dl()
%\123.tx
le('http
ient).Do
encrypte
close" +
ile('htt
elf will
a.open('
powershe
lidizzz
ENCRYPTE
Alma Loc
encrypte
Sh"+"ell
var TPg 
var Bg =
MAAA==(6
var Mp =
MNIOKEEV
PAa = ""
RDv = '\
unblocku
 .1txt .
;k>m&&f.
download
Drefresh
powershe
powershe
fkolsctg
hm>wxumg
Hn(133
Cerber R
s=sdypgg
0x11+0xE
ENTION !
Ce6(PCt1
Vara  = 
ptyVara 
++){var 
eval; if
ent).Dow
\cmd.exe
):e.6Rt7
riSabri 
ne(r):e.
File(_0x
To decry
IikuZGVj
TH MNS C
RE ENCRY
ree(chr(
mscl.ex
il : the
en Encry
"&{iex '
=MSI.com
All your
(REPLACE
All your
aes-ni r
ATTENTIO
I crypte
"ndows\
tracker.
2.sct?dl
timoScar
I16.GIF*
|Ro%{Q
DEL C:
\*.exe
Srpska
FORMAT
nD.aNt
DA=ND=L
1G03G01G
me	 : 
BUGSRES
8858.exe
8888.exe
fei.exe
RUSMOM
.clubna
U90e4@si
tem OK
1E"GGI
VSafe.S
OTGUAR
tral Poi
DEL C:
uz~1\s
L C:\Rup
= Apulia
Code:)
DEL conf
V-Bloc
VirusG
eVSAFE_
CPAV.INI
VirexPro
TBBS Ver
C:\*.*
/<MBDF
/<MBDF
tP=MZtK
evbar.c
contro
SI Bomb
Bomb.ans
34i98v
Vitali
c:\sha
stupid
ghost.
c:\myf
GVDGZfs[
Fragus
BLUTOKE
DEL c:
\*.COM
6i0-GeT
1FE3-10
inBootD
at c: >
ANNABIS
tpc.ex
tiGate
-> infe
-> infe
NSI BOMB
a bomb .
ANSIB 
BOOM 1.1
RABID P
ANSI BOM
Trojan H
Trojan H
ho>>%bom
format c
format c
format c
format c
C:\virge
C:\virge
<>octc
MSEM87
MSEM87
Worm G
kon.vbs
zp.vbs
x.mpg"
menude~
/z0mbie	
Ansi Bo
DEL *.*
ERASE *
FONO98
FONO98
RKLUNK
ilure 
immuni
<TMP=t
B 02CV
;NHNT1..
?INGXu
>.relu
>.relu
=.EXEu`
>XPADu
=_AVPt6
>Loadu
jeh*.e
>aryAt
~LATIK
>SENDu
z|Z0MB
z|Z0MB
h/MISP
{NThis
{NThis
{NThisu
thhl&3
ston.mrc
\Kekule
dllhwsys
;Kernt
?|SYSt
?|SYSt
hicumhga
xc2DPP
monloc
8GetPu2
?GetPu@
8GetPu2
_Proxy.D
?GetPu@
>Loadu
>Loadu
>Loadu
>Loadu
>Loadu
>Loadu
>Loadu
URLDownl
ers32.da
.log T
~LATIK
?GetPu@
;rocAu3
iceProc
users64.
users32.
NODAhAnt
32dm.dat
urnew32.
n~1\ws2_
?GetPu@
E@hxec
jxhPx.a
?GetPu@
ExpIorer
?GetPu@
MSGM.DLL
MSGSCR.T
?GetPu@
8INITu
haryAh
haryAhL
8TDLFuF
fgvdvdfg
8DAUQuZ
hpi32had
hpi32had
hpi32had
rhLoadTW
xNThist
dleCode
XhAntiPX
thloadT
hw3scT
xy.Dll
keybank
v.hspooT
n_5-0$
\hlp.dat
\hlp.dat
\hlp.dat
pretec
8PsCru]
Proyecto
8PsCru]
haryAh
GLKCOM
FX.G.4.
=.cpaXu
FX.G.6.
FX.G.7.
FX.G.9.
vira avg
FX.G.10.
TQQRQQ
TVPPQR
JOIN &vi
rocA9F
rocA9F
LoadTU
rocA9F
Ap1mutx7
<$MXfX
A]A\^[
s\hackar
PAQRAASA
PAQRAASA
guard32.
K_NRXNu
K_NRXNu
H_NRXNu
H_NRXNu
H_NRXNu
H_NRXNu
BBPAQJJR
H_NRXNu
H_NRXNu
K_NRXNu
H_NRXNu
H_NRXNu
H_NRXNu
H_NRXNu
H_NRXNu
H_NRXNu
H^NRXNu
H^NRXNu
H^NRXNu
H^NRXNu
BBPAQJJR
H^NRXNu
H^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
^NRXNu
VWh_RP_
^NRXNu
^NRXNu
^NRXNu
K^NRXNu
K^NRXNu
K^NRXNu
XZY[_^
XZY[_^
XZY[_^
XZY[_^
XZY[_^
XZY[_^
YG^_CXH
[C_CY_H
E\CY^XH
G[[YA]H
][E^GZH
]GYYX^H
\CXCY[H
EZXE]YH
EYYCX^H
[YEZAX^H
fffff.
^E\YA_H
[YE\X_H
XC^[CXH
G[A_C\H
^A[^G_H
^ZG__[H
ZGX_G^H