Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: f3c54f6a661434398408c07025db6346 --

Hashes
MD5: f3c54f6a661434398408c07025db6346
SHA1: 8952c7909cf9c323b3d475fc7643303900c82489
SHA256: 9e44a9653ea97f015a183d4b98d9deee6dd59cb664d4992cc0ea815943141ece
SSDEEP: 6144:+nPyapZ32VtFjbURsV8rPsAPrEw0RnH/WmAACSjKfK+NGLJB09I:kPZubUOVoBrEwyfWmAACSeihLJe9I
Details
File Type: PE32
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/Borland | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_3 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/borland_delphi_dll | YRP/domain | YRP/contentis_base64 | YRP/System_Tools | YRP/DebuggerCheck__QueryInfo | YRP/ThreadControl__Context | YRP/disable_dep | YRP/keylogger | YRP/win_registry | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/BASE64_table | YRP/Delphi_Random | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Delphi_DecodeDate | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API |
Strings
		!This program cannot be run in DOS mode.
"ENVf$ 
Richf$ 
4&VxW~
vWg,YY
^jPXjRfI
C1tGWn
,L"$,WS
<}tI<=|
'%<{u F^Z(
0E0k.L
"F ]j/l
<8H@TP
n3K`X@N	d<N
D&L!VbCl
N@S?Zv
l8k>.40m
cnA26i
>F@>B	FH
{N'RQu1
LY<06pP
sR(3V|
oAk%FF
WPajD^
RR$JR0
k`CmjWW
k9C7R66H
`	| l<U#(0`
`SP`Llc
8+j4$V
 $dB&d(,0dB&d48<dB&d@DHdB&dLPTeB&dX\`X
@&ddtx|P
$,!#Sr(08
22%HPLr
9C0tB[3V
z*P)!U
\6hQ]WH
 1H{lW
.406 _j_
t#n	@dBB
H3wDso
Yfod'A
np	lenNp
Kz0'gg~^
ChU;P]
CtShE:
:)FG-D
tGenRan3
pi32.dll
M0u	^ux
uWsMTz$
DHLkGd
`9dB&dhley.
U=vV+`~K_
4MLD<4
m6v`~p
X&HY2lzOs
66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::
J%%o\..r8
:c|w{M
i]s.ZR
5nYC%a]!{
pub_key
ELETE}
kTo.nMembershi\?
5rI97a
=,K!'s
` C2$wqe	[6m
4a]c9b
]`YcMce
7Y7bWw
ku#vd@
iW|jC2
{i/li	\
hQqsE-
iXv 	9Y_
}k}qc2`O
Address:
g)crab.bi
['C't fi- serv
 [ 5fB
iedjD#shasj
_E3h}x
pA53U-K
=MeGeC3-
E	+YiT
Hkl#\b
-okXp}
I1m;5/
lComputeCrc32!d!u
}fAISkc
,Uwn'hXt
tOdh%v
?0fg{y
"Y|	Cy
Y5ufm6
SetFilePoi
VirtualFree
GAttribu
!cpy	S2FD
[,TypVg%Condit
g=Object8T
ick*un
OXnProcnsS}
sZsfoW
32NextW&o
m7mra$A
La!Err[{
eYewOf:Y
gt""tR
k[kl;[u
c57r,IL
XPTPSW
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
KERNEL32.DLL
ADVAPI32.dll
CRYPT32.dll
GDI32.dll
SHELL32.dll
USER32.dll
WININET.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
FreeSid
CryptStringToBinaryA
TextOutW
ShellExecuteW
EndPaint
InternetOpenW
 prog3am
SP <8Ww
.idart
@DebON,
Str.gg(
ypCefm
B@e<$E:
@4OT	R
| Y<an
bYKZ$$
+ _B$?x
DI}WFE
FTWARE\B
orland
skV	luV
YLXZwv
xRQS0V|H
, "v)N/~w
ZTUWVSdBJ
I["tUyZXd6kt)
6\]LB`
HPD'"v
0-R3f;b f
JL'sH'Z
?@PV3I
RSoftwarNe
a?" t.
Y^8pAV"
	Excep
Memory
EDivB(yZ
RangCe+hX
y	"p$tk
BFaIod:Q
TAhread
@SB!	u
[^_&4cT
p<l.,'
ZS]dK|l
@j$*n@
3(')]5
*,!\D+8
! BpB"
k>Hd3*
}I1DQk
EFhe%k
$H"-Cx#
h!5dr!
AM/P=;
`RC\^4]
w,LrZ&"b
~&LNUQ
_[DAV3
hX1lBn
6%W1VY
.(B10k
~E34Q/
=2@)	,
%o(X.eG
\dL1TM 
!42!,&
?QmTil
nti=alu
tagEXC
oleaut
g	eTyp
F )`p	
2exN,#
tW-}(d(
|k&C3a
KJKj_|<r	
EUP?,Ny
KL#\d^r
S*~S*d!
5T	"$B
1"FD\q
:!*N<B
el%tzd
$"@D[y
_K"BT!+?
oQ(Y*Bt[
"B.&LRPX
%"@D\w
&MnQ|B
~0p-T@
8(N8ul
S0ma"int
y%oZuM
Neutral
g.M}ya
`h(6DA
v&TyOY
qAqt.<4xBA
u!D	2F
"CLOBl
RtLX_I
hmB:JGHB
6xiFM!_
DEFGHIJK
XYZabcd
efghijkl
mnopqrst
uvwxyz01
23456789%+/{
'(),-./*:?PD
"#$%&*;<
^_`{|}.
j;B01,
WriNb+H[X
	xlway
0"D]O0
w<6`z!	D
3~XX"	\
THand9:
0bP	TR
egGroupB
e*1-1/
d$G\Y5@
IRGJ$At
n8ilL+5*
EzjD#N
TD[GDC
JxLNS/
o&I*`a%
YZxUQ(!#
y,Pse<
T$z^{f;o
^>98k0
0h8dy<4
(8S3Y	T)1M&Z
nD^C86Ae
dHUsHo
LZ5lD>6(To2l
<"lD8D
ZwClosKe
 QuerWy"
DupliUc
SavHex
V<tL0Z
jIoizs
&mLIs<
h@DQ*s
p*dnu3
0-Has;hU
k18=,}2
x(xP4C
.0?<y{
PEImag
X!WsZ]
~r>ed/cv
{-Qd@BDSW
|!F3JV:h
<K.Gu!eYg
 LGdPYQ
.8e4x	
wL0v%r
&n%evEml4t
HKd=!HP 
A ! m<
cCU+tAh!Y4IC
BV#pDc|
>LBCD_
z;2uZJ
d7	NHU
c53mQ;>Hs
Sy[L;o
c/y7=($
SeM(Vs2K'	y
!0g+(v
J2DJ;&
F=3BdjyA
4h89n'g
OQ#Fr2
@pnCf/m
a=&JbE
'@yyhA
W"&!.F*
FA)I@*
V44f@(
bFtM|$
WARNI"G ]QdK
2],	($$H 
RAt/P 
/H}d8RS
Of)X)k
#((3QxFC
T /v|a'
V<'*x Nt
`|>#O|
8N=BHb*+
d}iz^K
K3i2'.
TBoTfU
_tu']F#
fb,&bG
$E%VB_
11%4<D
aB!lh-_
UMr(GW_
t>BWT8!
-zIC|B
wQfK~J
NLDEsc	
g$eXTy
T(kA_s
UB(oj	
"aLbA)
3w"bti_r
TRs('1
+'*L"(
4"DD|h
&|	Dxt
	0$,H(
H"DD@<
D21P	<$HL
&X)fT	
	X"TDPL
8"4D0,
l	h$dH
x"	tD 
	d"`D\X
	@"<D84
L"HDD@
j	f$bD
&69f2	
z"vDrn
Z"VDRN
:"6D2.
~"zDvr
^"ZDVR
>":D62
z"vDrn
Z"VDRN
:"6D2.
_"[DWS
/3n)j"	fDb^
fB!>	D:6
z"vDrn
J>)d:	6H2
."*D&"
r"nDjf
R"NDJF
2".D*&
n"jDfb
N"JDFB
."*D&"
:TB"#f
t{RRIo
=[!F*G/
m$nHoq
C2!%tBI
_eHrJP_
tqd$H(
48y8O8b*j
uw* 	$
=kC-)E
B\I4~N
H)UFTTqU\
m {$G)z
zfl/aC
ot },w
dxS !%
cd|"d+udu
_%.16x
123456	789A
$",D4<
d"lDt|
4"DDTd
(,,2t	
This pr9og
am9>u>t
dl	|Ld!
fl!41Q
""8DDP
	 $.H:
V"bEt(L
h2(	>+
jq"	0D@X
6"FDZn
6"JDbz
Hvepi(HR%egu
a)ut@ASys"5ByB
%mpLL|
Tur8s]
IsiBR3
TJA+NJzL
numMC'h
(!d,	0^
7M'YGt`
9<(:w;
vGxPz[|d~k~z
920:6;H<`=l>t$
=96C:K;o<
9;(:D;\<m=y
937:d;m<
:$;-<9=C>j?
x&z.|6
~l~t~|~
~<~D~L~T~\~d~l~t~|~
97$:,;0<4=8><?@?D?H?L?\,|P
8r4t<v@xDzH|L~P~T~X~\~l~
?X?\?`?d?h?l?p%
?(?,?0?D?d?l?p?t?x?|?
~@~D~X~x~
>r,t4v8x<z@|D~HKL
| ~$~(~,~|~
1;rFt[
S<f<t=
&5rXtrO
v6x;zK|UM
A'^Gngy
\~h~l~pJt
?4?<?@/H
= >$%,
z?A?K?V?`?k%u
t#v0xBYH
'+G8gJ
%:AX}h.>
6P|0OPxJt
R(3T&4Vd@
3rBtyv
~g~k~o~s~w~{~
~#~'N+
G82?O?S'W
L~O~SOW
~k~o~s~w~{~
l%"An**	p2PrJ:
Dp93*:A'X
v9z'~D
I\Hp>tP
9?-:a/z
*p|xDQI
<|S\_j\,?v%{
.	D XN~(],
(v%#D*v
2>#?'?+?/%3
t#v+x5
t)v6xEzUT`
=&|J;J/f
|t;#'}
~`YwD?
Zlt,K4
S|0:l ~@
zRO_	>yP
5O6U7r
XBPJ#-:
@:];rzZ
:N;^,vN
/8e'qG
>9=F'V
t!v;NQ
2%I-a:]*
>r]+zY
4xV~<~@~D[H
puZ<Kc
eP46aQ
S%rfQLg)Sl
r:j>Gy
Si(elu3xf%
e3*'n]
&ENY??
CZe8:v
In2Yvn
s3jgHc
Ko*l+%4V
D)7N&5jj
Q\hvrM 
Pd6;cN
This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
d7	NHU
c53mQ;>Hs
Sy[L;o
c/y7=($
SeM(Vs2K'	y
!0g+(v
J2DJ;&
F=3BdjyA
Cardinal
String(
WideString
TObject
TObject
System
IInterface
System
TInterfacedObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
ZTUWVSPRTj
YZ]_^[
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeErrorh	B
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
	EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
TFormatSettings
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
_^[YY]
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
_^[YY]
$YZ_^[
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
ISequentialStream
ActiveX
IStreamHoB
ActiveX	
tagEXCEPINFO 
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgErrorD{B
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError
EVariantDispatchError
_^[YY]
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
	EOleError
EOleSysError
EOleException
Apartment
Neutral
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'(),-./:?
!"#$%&*;<=>@[]^_`{|}
EStreamError
EFileStreamError
EFCreateError
EFOpenError@
EFilerError
EReadError
EWriteErrorH
EListError
EStringListError
TThreadList
TPersistent
TPersistent
Classes
IStringsAdapter
Classes
TStrings
TStrings
Classes
TStringItem
TStringListh
TStringList
Classes
TStreamH
THandleStream
TFileStream4
	TRegGroup
TRegGroups
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
_^[YY]
ETntGeneralError
TWideFileName
TSearchRecWp
QQQQQS
TNtDllHook$
ZwClose
ZwSetInformationFile
ZwQueryInformationFile
ZwReadFile
ZwCreateFile
ZwOpenFile
ZwQueryAttributesFile
ZwCreateSection
ZwMapViewOfSection
ZwQuerySection
ZwUnmapViewOfSection
ZwQueryFullAttributesFile
ZwWriteFile
ZwQueryObject
ZwQueryDirectoryFile
ZwOpenSection
ZwDuplicateObject
ZwQueryVolumeInformationFile
ZwDeleteFile
ZwLockFile
ZwUnlockFile
ZwTerminateProcess
ZwOpenKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
ZwCreateKey
ZwEnumerateKey
ZwSetValueKey
ZwDeleteKey
ZwDeleteValueKey
ZwFlushKey
ZwLoadKey
ZwLoadKey2
ZwNotifyChangeKey
ZwQueryMultipleValueKey
ZwReplaceKey
ZwRestoreKey
ZwSaveKey
ZwSetInformationKey
ZwUnloadKey
ZwAccessCheck
ZwExtendSection
ZwFlushBuffersFile
ZwFsControlFile
ZwNotifyChangeDirectoryFile
ZwQuerySecurityObject
ZwSetSecurityObject
ZwSetVolumeInformationFile
ZwOpenKeyEx
ZwCreateProcess
ZwCreateProcessEx
ZwCreateUserProcess
ZwResumeThread
ZwCreateThread
ZwQueryInformationProcess
ZwQueryVirtualMemory
ZwDeviceIoControlFile
ZwUnmapViewOfSectionEx
ZwQueryDirectoryFileEx
kernel32.dll
IsWow64Process
kernel32.dll
GetNativeSystemInfo
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
SWVQRP
ntdll.dll
ZwProtectVirtualMemory
ntdll.dll
ZwClose
ntdll.dll
ZwQueryInformationFile
ntdll.dll
ZwSetInformationFile
ntdll.dll
ZwWriteFile
ntdll.dll
ZwCreateFile
SVWhXZC
_^[YY]
ntdll.dll
kernel32.dll
GetProcAddress
WideStringHashUnit
TWideStringHash
TVirtualBoxDriveItem
TVirtualBoxRegistryRootItem
TVirtualBoxChildProcessX
virtualboxunit
CPEImage
virtualboxunit
virtualboxunit
virtualboxunit
CVirtualBox
_^[YY]
_^[YY]
ZwQuerySection, Unsupported class %d
ntdll.dll
InitializeSelf
_^[YY]
>MZuhj
KeySetValue unsupported value type 
ZwQueryValueKey, unsupported class %d
ZwQueryKey, unsupported class %d
ZwQueryObject with unsupported class 
WARNING ZwReadFileInformation with unsupported class 
_^[YY]
ZwSetInformationFile with unsupported class 
QQQQSVW
DllRegisterServer
DllInstall
Software
_^[YY]
_^[YY]
TSxsGenerateContext_XP|
TSxsGenerateContext_Vista
TSxsGenerateContext_Seven
RtlCreateActivationContext
ntdll.dll
sxs.dll
SxsGenerateActivationContext
SVWhx,D
_^[YY]
kernel32.dll
CreateActCtxW
TStringPart
CFileDescription
virtualboxglobalsunit
CVirtualBoxGlobals
TVirtualPackageX
TMapTemporaryFile
TVirtualBoxAsZwMap 
TVirtualBoxRegistryItemH
CVirtualBoxTreeItem
P$YZ_^
P,YZ_^
P4YZ_^
P<YZ_^
E#+E/^ZY
THookWindowsAPI
ZwClose
ZwCreateFile
ZwOpenFile
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwUnmapViewOfSectionEx
ZwReadFile
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryAttributesFile
ZwQuerySection
ZwQueryFullAttributesFile
ZwWriteFile
ZwDeviceIoControlFile
ZwQueryObject
ZwQueryDirectoryFile
ZwQueryDirectoryFileEx
ZwOpenSection
ZwDuplicateObject
ZwDeleteFile
ZwLockFile
ZwUnlockFile
ZwTerminateProcess
ZwQueryVolumeInformationFile
ZwSetVolumeInformationFile
ZwAccessCheck
ZwExtendSection
ZwFlushBuffersFile
ZwFsControlFile
ZwNotifyChangeDirectoryFile
ZwQuerySecurityObject
ZwSetSecurityObject
ZwCreateProcess
ZwCreateProcessEx
ZwCreateUserProcess
ZwResumeThread
ZwCreateThread
ZwQueryInformationProcess
ZwOpenKey
ZwOpenKeyEx
ZwEnumerateValueKey
ZwQueryKey
ZwQueryValueKey
ZwCreateKey
ZwEnumerateKey
ZwSetValueKey
ZwDeleteKey
ZwDeleteValueKey
ZwFlushKey
ZwLoadKey
ZwLoadKey2
ZwNotifyChangeKey
ZwQueryMultipleValueKey
ZwReplaceKey
ZwRestoreKey
ZwSaveKey
ZwSetInformationKey
ZwUnloadKey
_^[YY]
ntdll.dll
kernel32.dll
GetProcAddress
CDotNet
QQQQQQQSVW
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
_^[YY]
CGlobalPaths
Cannot load library 
Cannot find function %s in library %s
Cannot find function ordinal %d in library %s
Memory Protection failed...
ntdll.dll
RtlGetCurrentPeb
EVB_%.16x_%.8x
ntdll.dll
Runtime error     at 00000000
0123456789ABCDEF
Qkkbal
This program must be run under Win32
ntdll.dll
ZwOpenFile
This program must be run under Win32
.section
ntdll.dll
ZwOpenFile
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
advapi32.dll
RegOpenKeyA
kernel32.dll
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAllocEx
VirtualAlloc
SystemTimeToFileTime
SizeofResource
SetThreadContext
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetFileAttributesA
SetEvent
SetEndOfFile
SetCurrentDirectoryW
SetCurrentDirectoryA
ResetEvent
RemoveDirectoryW
RemoveDirectoryA
ReadProcessMemory
ReadFile
QueryDosDeviceW
PostQueuedCompletionStatus
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
IsBadWritePtr
IsBadStringPtrW
IsBadReadPtr
InitializeCriticalSection
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempPathA
GetTempFileNameW
GetTempFileNameA
GetSystemDirectoryW
GetSystemDirectoryA
GetStringTypeExW
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageA
FlushInstructionCache
FindResourceW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle
user32.dll
MessageBoxA
LoadStringA
GetSystemMetrics
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CharNextA
CharLowerA
CharUpperA
CharToOemA
kernel32.dll
kernel32.dll
QueryDosDeviceW
ole32.dll
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
SysFreeString
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ntdll.dll
RtlInitUnicodeString
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlDosPathNameToNtPathName_U
SHFolder.dll
SHGetFolderPathW
SHGetFolderPathA
ntdll.dll
ZwProtectVirtualMemory
shlwapi.dll
PathMatchSpecW
ntdll.dll
LdrGetProcedureAddress
RtlFreeUnicodeString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
LdrLoadDll
loaderx86.dll
InitializeSelf
loaderx86
YStrUtils
KWindows
System
SysInit
UTypes
SysUtils
SysConst
Uvirtualboxdisasm
TlHelp32
UJwaWinError
gJwaWinType
;JwaWinNT
CommonTypes
_DateUtils
"RTLConsts
(Win32Types
TSHFolder
TntFormatStrUtils
TntClasses
TntSysUtils
TntWindows
TntWideStrUtils
(ShlObj
sActiveX
3Messages
CommCtrl
*ShellAPI
RegStr
?WinInet
UrlMon
TntSystem
CVariants
$VarUtils
FComObj
qComConst
QTypInfo
8Registry
^Classes
IniFiles
Contnrs
RTntWideStrings
JwaNtStatus
WideStringHashUnit
Fcommonloader
w32types
oJwaNative
JwaWinBase
common
unpack
dotnet
qvirtualboxglobalsunit
globalpathsunit
virtualboxunit
virtualboximportunit
virtualboxemulunit
0$040T0`0d0h0l0p0t0x0|0
1(1,1H1P1T1X1\1`1d1h1l1p1
2"2*222:2B2J2R2Z2b2j2r2z2
7M7Y7t7
:(:2:8:F:L:T:f:r:
; ;&;.;8;O;Z;{;
>%>>>G>P>[>d>k>z>
0$040=0
181R1|1
20262H2`2l2t2
4%4+4;4D4
5=6C6K6o6
6N7c7p7
;(;D;\;m;y;
>'>E>[>r>
1"262>2T2l2z2
373d3m3
6'7:7N7
7!8*818
9?9I9S9[9a9o9
<$<-<9<C<j<
=7=A=L=_=g=
>#>(>;>G>T>f>s>
?&?.?6?>?F?N?V?^?f?n?v?~?
0&0.060>0F0N0V0^0f0n0v0~0
1&1.161>1F1N1V1^1f1n1v1~1
2&2.262>2F2N2V2^2f2n2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6 6$6(6,6:6L6l6t6x6|6
7$7,7074787<7@7D7H7L7\7|7
848<8@8D8H8L8P8T8X8\8l8
9<9D9H9L9P9T9X9\9`9d9x9
:(:H:P:T:X:\:`:d:h:l:p:
; ;0;P;X;\;`;d;h;l;p;t;x;
< <$<(<,<0<D<d<l<p<t<x<|<
=$=(=,=0=4=8=<=@=D=X=x=
>,>4>8><>@>D>H>L>P>T>l>
?$?D?L?P?T?X?\?`?d?h?l?|?
0$050<0Y0a0i0q0y0
1(1014181<1@1D1H1L1P1
2 2$2(2,2|2
8!8,898>8H8X8c8p8u8
2#3K3V3
8A8I8Q8Y8a8
>E?_?i?
:1;F;[;=<Q<
=7=H=`=
>?>S>d>t>
293>3L3o3
475O5a5y5
5	6 626
7#7:7L7
9":O:T:n:
:	;/;K;j;|;
=H=a=n=
?$?N?_?h?
303H3g3o3}3
4&5X5r5
777l7{7
8&8,81878<8B8I8O8Z8b8k8w8}8
9(9-9f9
?$?6?;?K?U?
$0:0c0q0
151C1b1z1
292[2j2z2
4>4^4n4y4
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
:$:(:0:4:<:@:H:L:T:X:`:d:l:p:x:|:
; ;$;,;0;8;<;D;H;P;T;\;`;h;l;t;x;
<!<+<1<;<A<K<V<`<k<u<
= =7=C=K=U=`=h=m=
>#>0>B>O>[>h>z>
?#?0?B?H?_?
0+080J0R0Z0b0j0
1:1p1}1
2H2U2~2
2&3@3u3
5#5)5.595?5D5O5U5Z5e5k5p5{5
6 6+61666A6G6L6W6]6b6m6s6x6
8,8>8n8r8v8
9 989P9T9h9
:0:P:X:\:`:d:h:l:p:t:x:
; ;$;(;,;0;4;8;<;@;\;|;
<(<H<P<T<X<\<`<d<h<l<p<
= =$=(=,=0=4=8=<=\=|=
>->;>J>a>
?+?:?Q?
0*0A0n0
1%141K1Z1q1
2&2X2g2~2
$0C0G0K0O0S0W0[0_0c0g0k0o0s0w0{0
0,1g2k2o2s2w2{2
96:O:j:
;#;';+;/;3;7;;;?;C;G;K;O;S;W;[;t;
;+=/=3=7=;=?=C=G=K=O=S=W=[=_=c=g=k=o=s=w={=
0:0S0k0
1"1&1*1.12161:1>1M1
3*3A3X3o314U4
5B5[5t5
6 6$6(6,6064686<6@6D6H6\6
8!8%8n8v9z9~9
<H=L=P=T=X=\=`=d=h=l=p=t=x=|=
?#?'?+?/?3?7?;???C?G?K?O?S?W?[?_?c?g?
7(8E8}8
<!<%<)<-<1<5<9<=<A<E<I<M<Q<U<Y<]<a<e<i<=>
?-?a?z?
1(1135393=3A3E3I3M3Q3U3Y3]3a3e3i3m3q3u3y3}3
<T=i=~=
?*?0?D?I?
)0N0[0f0
1"1,1>1S1_1g1q1v1{1
2+282J2P2p2x2|2
3$3,3034383<3@3D3H3L3Z3b374g4
=+=>=k=_>
>j?s?y?
0'040?0Q0b0o0u0|0
0S1_1l1~1
2&232?2L2^2k2w2
9-:Z:e:
232?2G2O2Z2l2
6-6<6K6Z6d6i6s6
7'727G7Q7V7`7h7p7x7
738?8F8P8[8m8~8
9 9$9(9@9`9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:L:l:t:x:|:
;$;(;,;0;4;8;<;@;D;T;t;|;
<8<@<D<H<L<P<T<X<\<`<p<
=!=D=P=T=d=l=p=t=x=|=
>,>:>>>P>i>t>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?d?u?y?
0$0(0,0004080<0@0D0H0L0P0T0X0\0`0t0
1 1$1(1,101@1`1h1l1p1t1x1|1
173N3U3W4d4q4
9O9V9m9
2#3@3u3
:X;p;!<9<
1)202G2
2D3I3p3x3
8#8'8+8/83878;8?8C8G8K8O8S8W8[8_8Z9
<!<?<K<R<\<t<
='=3===D=N=U=_=l=
>;>G>N>Y>k>~>
?$?6?<?\?d?h?l?p?t?x?|?
:#:+:5:::D:N:^:c:m:w:
;#;/;<;N;[;g;t;
?%?7?M?U?g?s?
8*8E8R8a8z8
9"9>9[9z9
:):6:E:U:`:m:
;/;R;e;o;{;
<*<;<N<i<v<
=&=7=J=f=w=
>%>0>=>R>s>
?%?1?;?G?Y?e?s?
0%020A0Z0
1$111F1[1r1
2&2A2N2]2m2w2
363R3g3~3
3	4"4?4^4z4
6)7.7<7K7
9+9f9v9
;!;+;5;?;I;S;`;w;
<,<4<8<<<@<D<H<L<P<T<b<
>S?_?l?~?
1:1B1L1u1}1
2 2$2(2,202>2P2\2d2x2
3&3.363>3F3N3
9+989E9R9_9l9y9
9	=4=I=f=
;;<R<^<
3O4l4M5
9 9$9(9,9094989<9
5 6x6"7
;2<W<g<
0I1g1 2B2I2~2
2@4b42=W=
4B6D8p8
2F3a3|3
324n5y5
=2>/?=?h?{?
0D0W0h0
? ?j?w?
7*7;7H7S7
=)=;=Q=Y=c=t=
>$>@>L>`>h>l>p>t>x>|>
?4?<?a?i?q?y?
5=6L6.7;7
9&9Z9d9p9
9O:[:b:m:
;/;R;o;
!000?0
4!5D5N5^5v5
6"626I6Y6{6
7#8+8;8M8
8T9\9l9~9
:/;=;E;U;};
='=7=O=
>#>e>s>{>
3&3<3x3
3_4g4w4
575Q5Y5s5
6+6o6w6
7c7q7y7
7/8e8q8
8S9[9k9}9
:d;r;};
<>=F=V=h=
>/?7?G?
0 0[0c0s0
122Z2x2
;U<]<s<
?#?2?a?o?z?
0L0X0j0
1!1;1Q1
2%2-2G2]2
3 3$3(3,3034383F3N3V3^3f3n3v3~3
<(<J<l<
=8=Z=|=
? ?A?T?Z?j?
223d3o3
6\748B8M8x8
;7<e<s<}<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
<0@0D0
081@1D1h1l1
2 2$2`2h2p2x2
3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
505T5x5
6,6P6t6
7(7L7p7
8$8H8l8
8 9D9h9
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3