Detections

Yara:

DarkComet

Analysis

Category STATIC
Started 2020-10-05 20:28:03
Completed 2020-10-05 20:28:03
Duration 0 seconds

File Details

File Name 5ea3092330302ec211e06272
File Size 774144 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
PE timestamp 2012-06-07 15:59:53
MD5 3b50cc728a2819336f1a38d066769145
SHA1 13c727ffd52994a5c00be3d76c43f297de683cce
SHA256 5ea3092330302ec211e0627235b5020f41e6d8da130dc7eb4548b0e739072cac
SHA512 9495ba51ad296d0b3e348e3bd5b09dcd4925646b318c0a6d445a4773aa5ed82948b0a214d2c34455c73b3d9fad8dfe34f81b158ab0fa5d3ca85b0df36c0cd865
CRC32 39E2E598
Ssdeep 12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hY:qZ1xuVVjfFoynPaVBUR8f+kN10EBS
ClamAV
  • Win.Trojan.DarkKomet-1
  • Win.Trojan.Darkkomet-6745084-0
  • Win.Trojan.Vobfus-6875610-0
  • Win.Trojan.Darkkomet-7113180-0
  • Win.Trojan.Fynloski-40
CAPE Yara

Signatures

CAPE detected the DarkComet malware family
CAPE has extracted a malware configuration
extracted_config: DarkComet

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

Nothing to display.
[ESC]
[NUM_LOCK]
[DEL]
[INS]
[SNAPSHOT]
[LEFT]
[RIGHT]
[DOWN]
dclogs\
UhB!H
_^[YY]
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ/*-+.=
UhU$H
BTRESULTUDP Flood|UDP Flood task finished!|
UhB%H
_^[YY]
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ/*-+.=
Sh0&H
BTRESULTSyn Flood|Syn task finished!|
TScan
TScanRange
PortScanAdd
Uh.,H
Vh4+H
LanErr
127.0.0.1
LanList
LanErr
Uhs1H
DATAFLUX
TVisitThread
Uh06H
myappname
BTRESULTVisit URL|finished to visit
Times.
BTERRORVisit URL|An exception occured in the thread|
POST /index.php/1.0
Host:
BTRESULTHTTP Flood|Http Flood task finished!|
^[YY]
UntProcess
Uhb>H
SYSERRNot a valid range set!
SYSERRCannot open remote process for reading..
SYSERRCannot create the output file!
SYSINFORemote process (
) successfully dump in
UhuBH
Normal
Hight
Real Time
> of the Normal
< of the Normal
Uh{DH
ACCESS DENIED (x64)
TDownloaderThreadU
Ph(KH
Mozilla
UhkMH
BTRESULTMass Download|Downloading File...|
DownloadSuccess
DownloadFail
BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|
BTERRORDownload File| Error on downloading file check if you type the correct url...|
UhfOH
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
UhVSH
Uh*SH
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
UserInit
QQQQS3
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit
UhUWH
TAsyncTask
Uh9YH
Vh|1H
out.txt
tmp.txt
Error
systeminfo
SYSINFO
TMain
TSoundCapture
Uh(_H
Uhr`H
SOUND
EndReceive
TKeepAlive
Uh*dH
#KEEPALIVE#
TConnectionHandler
TSocks5Config
UhFpH
OK|Successfully started..|
ERR|Socket error..|
ERR|Cannot listen to port, try another one..|
SOCKS5STATUS
TCaptureWebcam
CAMERA
#CAMEND
ENDSNAP
TScreenCapture
DESKTOP
ENDSNAP
TInputsControl
CONTROLIO
XWHEEL
XLEFT
XRIGHT
MONSIZE
DISPLAY
MONSIZE0x0x0x0
DEFAULT MONITOR (DISPLAY)
t5Ht8
cmd.exe
taskmgr.exe
image/jpeg
QQQQQSVW
t%OtB
TSendDataFluxThread
DATAFLUX
TRemoteShell
COMSPEC
^[YY]
TPlugThread
_^[YY]
0123456789ABCDEFGHJKLMNPQRSTUVWXYZ
^[YY]
^[YY]
^[YY]
cmd.exe
Control Panel\Desktop
Wallpaper
net start uxsms
net stop uxsms
ujTj(
SeShutdownPrivilege
runas
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
DisplayName
DisplayVersion
InstallLocation
Publisher
UninstallString
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
OpenProcessToken error
GetTokenInformation error
BlockInput
USER32.DLL
_^[YY]
Software
DC2_USERS
_^[YY]
Software
DC2_USERS
CTRLA
CTRLV
CTRLC
CTRLX
CTRLP
CTRLZ
CTRLY
CTRLF
{n/a}
Default
Limited
unknow
QQQQQQSVW
Days and
QQQQQQSVW
DBIND
Software
DC3_FEXEC
Unknow
_^[YY]
Software
DC3_FEXEC
Bytes
_DCEntryPoint
QQQQQQQQSVW
DPLUG
Local drive (default)
%.4x:%.4x
_^[Y]
IsWow64Process
kernel32
HARDWARE\DESCRIPTION\System
SystemBiosDate
HARDWARE\DESCRIPTION\System
Identifier
HARDWARE\DESCRIPTION\System\CentralProcessor\0
Identifier
HARDWARE\DESCRIPTION\System\CentralProcessor\0
VendorIdentifier
Unknow
Windows NT 4.0
Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows 7
Windows 95
Windows 98
Windows Me
H]_^[
S-%u-
0x%.2x%.2x%.2x%.2x%.2x%.2x
memory allocation failed!
%.2x-%.2x-%.2x-%.2x-%.2x-%.2x
_^[YY]
TServerReaderU
_^[Y]
#32770
SysListView32
KEYNAME
KEYNAME
TaskbarCreated
Delphi Picture
Delphi Component
TaskbarCreated
DCDATA
GENCODE
NETDATA
Guest
MUTEX
DCMUTEX
EDTPATH
COMBOPATH
INSTALL
KEYNAME
CHANGEDATE
EDTDATE
FAKEMSG
MSGICON
MSGTITLE
MSGCORE
OVDNS
FILEATTRIB
DIRATTRIB
CHIDEF
attrib "
" +s +h
CHIDED
PLUGS
notepad
PERSINST
MULTIBIND
MULTIPLUGS
Error
Runtime error at 00000000
0123456789ABCDEF
MS Sans Serif
0123456789abcdef
pvids
1.2.3
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
invalid distance too far back
invalid distance code
invalid literal/length code
1.2.3
incorrect header check
unknown compression method
invalid window size
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
inflate 1.2.3 Copyright 1995-2005 Mark Adler
1.2.3
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32.dll
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
kernel32.dll
GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
user32.dll
CreateWindowExA
mouse_event
keybd_event
WindowFromPoint
WaitMessage
VkKeyScanA
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LockWorkStation
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplayDevicesA
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32.dll
lstrcpyA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerLanguageNameA
UnmapViewOfFile
TerminateProcess
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetThreadContext
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetThreadContext
GetTempPathA
GetSystemPowerStatus
GetSystemDirectoryA
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumResourceNamesA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
LookupAccountSidA
IsValidSid
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetCurrentHwProfileA
AdjustTokenPrivileges
wsock32.dll
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
select
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
connect
closesocket
accept
kernel32.dll
Sleep
ole32.dll
CoTaskMemFree
StringFromCLSID
shell32.dll
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
oleaut32.dll
GetErrorInfo
GetActiveObject
SysFreeString
ole32.dll
CoTaskMemFree
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
URLMON.DLL
URLDownloadToFileA
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
comctl32.dll
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
wininet.dll
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
FtpPutFileA
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
winmm.dll
waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
PlaySoundA
mciSendStringA
netapi32.dll
Netbios
gdiplus.dll
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
advapi32.dll
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
msacm32.dll
acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
ntdll.dll
NtQuerySystemInformation
netapi32.dll
NetApiBufferFree
NetShareGetInfo
NetShareEnum
WS2_32.DLL
WSAIoctl
SHFolder.dll
SHGetFolderPathA
ntdll
NtUnmapViewOfSection
user32.dll
EnumDisplayMonitors
GetMonitorInfoA
SHELL32.DLL
SHEmptyRecycleBinA
AVICAP32.DLL
capGetDriverDescriptionA
server
UntKeylogger
UntMain
)UntDownloaderThread
UntSinInfo
UntCore
UntVars
UntRDPThread
UTypes
SysInit
System
UntDisableAero
KWindows
ZLibEx
^Classes
SysConst
"RTLConsts
sActiveX
3Messages
QTypInfo
SysUtils
ImageHlp
CVariants
$VarUtils
+Graphics
Consts
8Registry
IniFiles
WinSock
+UntAsyncTask
hUntSendStream
RUntRC4
UntActivePorts
TlHelp32
UntSoundCaptureThread
GMMSystem
KACMConvertor
MSAcm
[ACMIn
bListUnit
UntMainConnectionThread
+UntScreenCapture
7UntInputsControls
UntRemoteDesktop
UntResizePic
"GDIPUTIL
,GDIPOBJ
GDIPAPI
DirectDraw
*ShellAPI
UntControlKey
GMD5Api
=MD5Core
)UntRemoteShell
mUntSendDataFluxThread
UntKeepAlive
NUntPluginsData
8DLLMemory
"UntIPUtils
IUntSocks5
UntCaptureWebcam
UntWebCam
`VFrames
SyncObjs
VSample
ADirectShow9
FComObj
qComConst
yDirect3D9
DXTypes
DirectSound
dUntSearchThread
CryptApi
(ShlObj
UrlMon
?WinInet
RegStr
CommCtrl
0Nb30
untstartup
(UntUploadFTPThread
UntFTP
UntRemoteUtils
|afxCodeHook
UntQuickTransferThread
2UntDCSettingsReader
aUntWIFI
7nduWlanTypes
nduCType
nduWlanAPI
nduEapTypes
=nduWinNT
nduWinDot11
:nduNtDDNdis
nduL2cmn
DUntScreenThumb
UntReceiveDataFluxThread
UntSendFileThread
UntFWB
TSHFolder
UntReceiveFileThread
_UntUDPFlood
dUntSynFlood
YUntScanPorts
xUSock
UntRPCScan
UntInfections
iUntProcess
PsAPI
UntServices
WinSvc
UntFun
0UntPasswordAndData
UntMClipboard
Clipbrd
Forms
CUxTheme
DwmApi
5Themes
&Controls
EActnList
vMenus
ImgList
Contnrs
MultiMon
StdActns
YStrUtils
Dialogs
RHelpIntfs
WideStrUtils
IDlgs
ExtCtrls
GraphUtil
dStdCtrls
Printers
WWinSpool
3CommDlg
FlatSB
(UntBot
UntMSN
cMessengerAPI_TLB
StdVCL
OleServer
OleConst
UntMsConfig
UntWindowManager
UntRegEdit
UntNetShareLister
XUntHTTPFlood
UntCPU
0UntMiscFunc
untFunctions
UntIP
Sockets
UntRootKit
UntServerReader
UntAntiSB
ebutton
clock
combobox
explorerbar
header
listview
progress
rebar
scrollbar
startpanel
status
taskband
taskbar
toolbar
tooltip
trackbar
traynotify
treeview
window
FriendlyName
FriendlyName
Video Capture
Sample Grabber
Null Renderer
DCDATA
DVCLAL
PACKAGEINFO
DCOM not installed"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed
No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s
Shift+
Ctrl+
Invalid clipboard format Clipboard does not support Icons
Cannot open clipboard/Menu '%s' is already being used by another form
Docked control must have a name%Error removing control from dock tree
- Dock zone not found
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Yes to &All
Enter
Space
Right
*A control cannot have itself as its parent
Cannot drag a form
Warning
Error
Information
Confirm
Cancel
&Help
&Abort
&Retry
&Ignore
N&o to All
Invalid ImageList Index)Failed to read ImageList data from stream(Failed to write ImageList data to stream$Error creating window device context
Error creating window class+Cannot focus a disabled or invisible window!Control '%s' has no parent window
Cannot hide an MDI Child Form)Cannot change Visible in OnShow or OnHide"Cannot make a visible window modal
Menu index out of range
Menu inserted twice
Sub-menu is not in menu
Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active$%s not in a class registration group
Property %s does not exist
Stream write error
Thread creation error: %s
Thread Error: %s (%d)
Bitmap image is not valid
Icon image is not valid
Metafile is not valid
Invalid pixel format
Scan line index out of range!Cannot change the size of an icon
Unsupported clipboard format
Out of system resources
Canvas does not allow drawing
Invalid image size
Invalid ImageList
Invalid property path
Invalid property value
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)+Out of memory while expanding memory stream
Error reading %s%s%s: %s
Stream read error
Property is read-only
Failed to create key %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list
Saturday
Unable to create directory
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
October
November
December
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
January
February
March
April
August
September
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
A call to an OS function failed/Application is not licensed to use this feature
No argument for format '%s'"Variant method calls not supported
Write$Error creating variant or safe array)Variant or safe array index out of bounds
Variant or safe array is locked
Invalid variant type conversion
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Range check error
Integer overflow Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time
'%s' is not a valid GUID value
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
Remote Service Application
CompanyName
Microsoft Corp.
FileDescription
Remote Service Application
FileVersion
1, 0, 0, 1
InternalName
MSRSAAPP
LegalCopyright
Copyright (C) 1999
OriginalFilename
MSRSAAP.EXE
ProductName
Remote Service Application
ProductVersion
4, 0, 0, 0
VarFileInfo
Translation
No antivirus signatures available.
Sorry! No behavior.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 7.624999999999999 seconds )

  • 4.66 CAPE
  • 2.885 TargetInfo
  • 0.052 AnalysisInfo
  • 0.023 Strings
  • 0.005 Debug

Signatures ( 0.05700000000000001 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes

Reporting ( 3.091 seconds )

  • 3.091 BinGraph