Sample details: 5cfe7af385097855e636abcb032b3dcb

Hashes
MD5: 5cfe7af385097855e636abcb032b3dcb
SHA1: 37060bdf8e4bcf2a479cf8b4a90177b7bfbf6478
SHA256: c624fd8ae555f5bff65fcb83347bce06005826b7b28ecb630ed899c0321dc630
SSDEEP: 12288:M3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/RY:aOA4aWNn/m09fKIaaBEtWq3A1Ov8Jgb+
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/System_Tools | YRP/Browsers | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/ThreadControl__Context | YRP/disable_antivirus | YRP/inject_thread | YRP/hijack_network | YRP/create_service | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_http | YRP/network_dropper | YRP/network_tcp_socket | YRP/network_dns | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/sniff_audio | YRP/spreading_share | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/MD5_Constants | YRP/Delphi_Random | YRP/Delphi_FormShow | YRP/Delphi_Copy | YRP/Delphi_StrToInt | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | YRP/DarkComet_1 | YRP/DarkComet_3 | YRP/DarkComet_4 | FlorianRoth/RAT_DarkComet | KevTheHermit/DarkComet | BAMFDetect/DarkComet |
Strings
0123456789ABCDEF
MS Sans Serif
0123456789abcdef
 deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly 
invalid distance too far back
invalid distance code
invalid literal/length code
incorrect header check
unknown compression method
invalid window size
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
 inflate 1.2.3 Copyright 1995-2005 Mark Adler 
								
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32.dll
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
kernel32.dll
GetACP
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
user32.dll
CreateWindowExA
mouse_event
keybd_event
WindowFromPoint
WaitMessage
VkKeyScanA
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LockWorkStation
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplayDevicesA
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
gdi32.dll
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32.dll
lstrcpyA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerLanguageNameA
UnmapViewOfFile
TerminateProcess
SizeofResource
SetThreadPriority
SetThreadLocale
SetThreadContext
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetThreadContext
GetTempPathA
GetSystemPowerStatus
GetSystemDirectoryA
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
ExitProcess
EnumResourceNamesA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
LookupAccountSidA
IsValidSid
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetCurrentHwProfileA
AdjustTokenPrivileges
wsock32.dll
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
shutdown
sendto
select
listen
ioctlsocket
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
kernel32.dll
ole32.dll
CoTaskMemFree
StringFromCLSID
shell32.dll
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
oleaut32.dll
GetErrorInfo
GetActiveObject
SysFreeString
ole32.dll
CoTaskMemFree
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
URLMON.DLL
URLDownloadToFileA
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
comctl32.dll
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
wininet.dll
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
FtpPutFileA
shell32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
winmm.dll
waveInUnprepareHeader
waveInStart
waveInReset
waveInPrepareHeader
waveInOpen
waveInClose
waveInAddBuffer
PlaySoundA
mciSendStringA
netapi32.dll
Netbios
gdiplus.dll
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
advapi32.dll
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
msacm32.dll
acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
ntdll.dll
NtQuerySystemInformation
netapi32.dll
NetApiBufferFree
NetShareGetInfo
NetShareEnum
WS2_32.DLL
WSAIoctl
SHFolder.dll
SHGetFolderPathA
NtUnmapViewOfSection
user32.dll
EnumDisplayMonitors
GetMonitorInfoA
SHELL32.DLL
SHEmptyRecycleBinA
AVICAP32.DLL
capGetDriverDescriptionA
server
UntKeylogger
UntMain
)UntDownloaderThread
UntSinInfo
UntCore
UntVars
UntRDPThread
UTypes
SysInit
System
UntDisableAero
KWindows
ZLibEx
^Classes
SysConst
"RTLConsts
sActiveX
3Messages
QTypInfo
SysUtils
ImageHlp
CVariants
$VarUtils
+Graphics
Consts
8Registry
IniFiles
WinSock
+UntAsyncTask
hUntSendStream
RUntRC4
UntActivePorts
TlHelp32
UntSoundCaptureThread
GMMSystem
KACMConvertor
[ACMIn
bListUnit
UntMainConnectionThread
+UntScreenCapture
7UntInputsControls
UntRemoteDesktop
UntResizePic
"GDIPUTIL
,GDIPOBJ
GDIPAPI
DirectDraw
*ShellAPI
UntControlKey
GMD5Api
=MD5Core
)UntRemoteShell
mUntSendDataFluxThread
UntKeepAlive
NUntPluginsData
8DLLMemory
"UntIPUtils
IUntSocks5
UntCaptureWebcam
UntWebCam
`VFrames
SyncObjs
VSample
ADirectShow9
FComObj
qComConst
yDirect3D9
DXTypes
DirectSound
dUntSearchThread
CryptApi
(ShlObj
UrlMon
?WinInet
RegStr
CommCtrl
untstartup
(UntUploadFTPThread
UntFTP
UntRemoteUtils
|afxCodeHook
UntQuickTransferThread
2UntDCSettingsReader
aUntWIFI
7nduWlanTypes
nduCType
nduWlanAPI
nduEapTypes
=nduWinNT
nduWinDot11
:nduNtDDNdis
nduL2cmn
DUntScreenThumb
UntReceiveDataFluxThread
UntSendFileThread
 UntFWB
TSHFolder
UntReceiveFileThread
_UntUDPFlood
dUntSynFlood
YUntScanPorts
xUSock
UntRPCScan
UntInfections
iUntProcess
UntServices
WinSvc
UntFun
0UntPasswordAndData
UntMClipboard
Clipbrd
CUxTheme
DwmApi
5Themes
&Controls
EActnList
vMenus
ImgList
Contnrs
MultiMon
StdActns
YStrUtils
Dialogs
RHelpIntfs
WideStrUtils
ExtCtrls
GraphUtil
dStdCtrls
Printers
WWinSpool
3CommDlg
FlatSB
(UntBot
UntMSN
cMessengerAPI_TLB
StdVCL
OleServer
OleConst
UntMsConfig
UntWindowManager
UntRegEdit
UntNetShareLister
XUntHTTPFlood
UntCPU
0UntMiscFunc
untFunctions
Sockets
UntRootKit
UntServerReader
UntAntiSB